Vigil@nce - Cisco Unified MeetingPlace: information disclosure
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can download any arbitrary chosen file via Cisco
Unified MeetingPlace, in order to obtain sensitive information.
Impacted products: Cisco Unified Meeting Place
Severity: 2/4
Creation date: 04/06/2015
DESCRIPTION OF THE VULNERABILITY
The Cisco Unified MeetingPlace product offers a web service.
However, an attacker can bypass the access rules to files in such
a way that the attacker can download any arbitrary chosen file.
An attacker can therefore download any arbitrary chosen file via
Cisco Unified MeetingPlace, in order to obtain sensitive
information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Unified-MeetingPlace-information-disclosure-17059