The password change functionality in the Cisco Unified MeetingPlace Web Conferencing application could allow an unauthenticated remote, attacker to change the passwords of arbitrary users. The vulnerability is due to the following:

Users are not required to enter the previous password during a password change request. 
HTTP session functionality does not validate the session ID in the HTTP request for the password change request.

An attacker could exploit this vulnerability via a crafted HTTP request and change arbitrary user passwords to gain access to the application. A successful exploit could allow the attacker to use the reset credentials to gain full control of the application.

Cisco has released software updates that address this vulnerability. There is no workaround that mitigates this vulnerability. This advisory is available at the following link:

Leave a Reply