CISCO : Cisco Meeting Server Information Disclosure Vulnerability

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.140045

Kategorie: CISCO

Titel: Cisco Meeting Server Information Disclosure Vulnerability

Zusammenfassung: A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote;attacker to retrieve memory from a connected server.;;The vulnerability is due to missing bounds checks in the Web Bridge functionality. An attacker could;exploit this vulnerability by sending a crafted packet to the affected server. An exploit could;allow the attacker to disclose a portion of memory from the server for every packet. The disclosed;portions of memory could contain sensitive information such as private keys or passwords.;;Cisco has released software updates that address this vulnerability. Workarounds that address this;vulnerability are not available.

Beschreibung: Summary:
A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote
attacker to retrieve memory from a connected server.

The vulnerability is due to missing bounds checks in the Web Bridge functionality. An attacker could
exploit this vulnerability by sending a crafted packet to the affected server. An exploit could
allow the attacker to disclose a portion of memory from the server for every packet. The disclosed
portions of memory could contain sensitive information such as private keys or passwords.

Cisco has released software updates that address this vulnerability. Workarounds that address this
vulnerability are not available.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-6446
BugTraq ID: 93782
http://www.securityfocus.com/bid/93782

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.140045
Kategorie:	CISCO
Titel:	Cisco Meeting Server Information Disclosure Vulnerability
Zusammenfassung:	A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote;attacker to retrieve memory from a connected server.;;The vulnerability is due to missing bounds checks in the Web Bridge functionality. An attacker could;exploit this vulnerability by sending a crafted packet to the affected server. An exploit could;allow the attacker to disclose a portion of memory from the server for every packet. The disclosed;portions of memory could contain sensitive information such as private keys or passwords.;;Cisco has released software updates that address this vulnerability. Workarounds that address this;vulnerability are not available.
Beschreibung:	Summary: A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. The vulnerability is due to missing bounds checks in the Web Bridge functionality. An attacker could exploit this vulnerability by sending a crafted packet to the affected server. An exploit could allow the attacker to disclose a portion of memory from the server for every packet. The disclosed portions of memory could contain sensitive information such as private keys or passwords. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6446 BugTraq ID: 93782 http://www.securityfocus.com/bid/93782
Copyright	Copyright (C) 2016 Greenbone Networks GmbH