AV:N/AC:L/Au:N/C:N/I:P/A:C/E:F/RL:OF/RC:C
-
Cisco Unified MeetingPlace Web Conferencing is affected by two vulnerabilities:
- Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability
- Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability
Exploitation of the Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability may allow an unauthenticated, remote attacker to send Structured Query Language (SQL) commands that manipulate the MeetingPlace database, which stores information about server configuration, meetings, and users. These commands may be used to create, delete, or alter some of the information in the Cisco Unified MeetingPlace Web Conferencing database.
Exploitation of the Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability may allow an unauthenticated, remote attacker to create a buffer overrun condition that may cause the Web Conferencing server to become unresponsive.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp
-
Vulnerable Products
The following versions of Cisco Unified MeetingPlace Web Conferencing are vulnerable to Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability:
Version          Affected
Prior to 7.0     No
7.0              Yes
7.1              Yes
8.0              Yes
8.5              Yes
The following versions of Cisco Unified MeetingPlace Web Conferencing are vulnerable to Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability:
Version          Affected
Prior to 7.0     Yes
7.0              Yes
7.1              Yes
8.0              Yes
8.5              Yes
Note: Cisco Unified MeetingPlace Web Conferencing versions prior to 7.0 have reached the end of software maintenance. Customers running versions prior to 7.0 should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Unified MeetingPlace.
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by these vulnerabilities.
-
The Cisco Unified MeetingPlace conferencing solution provides functionality that allows organizations to host integrated voice, video, and web conferencing. The solution is deployed on the network and integrated directly into an organization's private voice/data networks and enterprise applications. Cisco Unified MeetingPlace servers can be deployed so that the server is accessible from the Internet, allowing external parties to participate in meetings.
Web Conferencing is a core component of the Cisco Unified MeetingPlace conferencing solution that allows users to share applications and presentations and manage meetings.
Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability
The Cisco Unified MeetingPlace Web Conferencing service contains a vulnerability that could allow an unauthenticated, remote attacker to inject Structured Query Language (SQL) commands that may affect the integrity and availability of the data stored in the MeetingPlace Web Conferencing internal database. This data may include server configurations, meetings, and users.
The vulnerability is due to insufficient validation of some of the parameters passed through the HTTP POST method. An attacker could exploit this vulnerability by inserting malicious SQL commands in the HTTP POST request directed to the affected system. An exploit could allow the attacker to modify or delete data from the Web Conferencing database.
This vulnerability is documented in Cisco bug ID CSCtx08939 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-0337.
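The advisory does not publish the affected POST parameters, the query they reach, or the database engine behind MeetingPlace Web Conferencing, so the following Python example is an added illustration of the vulnerability class it describes, not MeetingPlace code. It assumes a hypothetical form field named "owner", a constructed three-row SQLite table standing in for the internal database, and a driver that accepts stacked statements (emulated by run_stacked). It shows why the impact is to integrity rather than to confidentiality: the injected value does not leak rows, it appends a DELETE that the concatenating handler executes, while the parameterized handler treats the same value as an ordinary string that matches nothing.

```python
import sqlite3
from urllib.parse import parse_qs, urlencode

# Constructed stand-in for a conferencing database. The real MeetingPlace schema,
# parameter names and database engine are not published in the advisory; only the
# vulnerability class (a POST parameter concatenated into SQL) is modelled here.
SAMPLE_ROWS = [("alice", "Q3 planning"), ("bob", "Release review"), ("alice", "Weekly sync")]

# Hypothetical form field 'owner'; bodies are application/x-www-form-urlencoded,
# exactly as a browser or an attacker's HTTP client would send them.
BENIGN_BODY = urlencode({"owner": "alice"})
ATTACK_BODY = urlencode({"owner": "alice'; DELETE FROM meetings WHERE owner = 'bob'; --"})


def setup_db():
    """Create an in-memory table with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE meetings (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)")
    conn.executemany("INSERT INTO meetings (owner, title) VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def owner_from_post(post_body):
    """Pull the hypothetical 'owner' field out of a form-encoded POST body."""
    return parse_qs(post_body, keep_blank_values=True).get("owner", [""])[0]


def run_stacked(conn, sql):
    """Emulate a database driver that accepts stacked (';'-separated) statements,
    as several production drivers do. Returns the rows of the first SELECT; every
    statement that follows it is executed as well. A trailing SQL line comment
    ('--') is discarded, just as the database itself would ignore it."""
    rows = []
    for stmt in sql.split(";"):
        stmt = stmt.split("--", 1)[0].strip()
        if not stmt:
            continue
        cur = conn.execute(stmt)
        if cur.description is not None and not rows:
            rows = cur.fetchall()
    conn.commit()
    return rows


def vulnerable_titles(conn, post_body):
    """Insufficient validation: the POST value is concatenated straight into SQL,
    so a quote, a semicolon and a comment marker let the client rewrite the statement."""
    owner = owner_from_post(post_body)
    sql = "SELECT title FROM meetings WHERE owner = '" + owner + "' ORDER BY id"
    return [r[0] for r in run_stacked(conn, sql)]


def safe_titles(conn, post_body):
    """Fix: bind the value as a parameter so it can never alter the statement's structure."""
    owner = owner_from_post(post_body)
    cur = conn.execute("SELECT title FROM meetings WHERE owner = ? ORDER BY id", (owner,))
    return [r[0] for r in cur.fetchall()]


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM meetings").fetchone()[0]


def demo():
    """Send the attack body through both handlers on fresh databases and report
    how many rows survive in each case."""
    vuln_db, safe_db = setup_db(), setup_db()
    vulnerable_titles(vuln_db, ATTACK_BODY)
    safe_titles(safe_db, ATTACK_BODY)
    return {"vulnerable_rows_left": row_count(vuln_db), "safe_rows_left": row_count(safe_db)}


if __name__ == "__main__":
    print(demo())  # prints {'vulnerable_rows_left': 2, 'safe_rows_left': 3}
```

The trailing "--" in the payload is what lets the attacker discard whatever the application appends after the injected value (here the ORDER BY clause); without it the statement would fail to parse and the DELETE would not run. Stacked statements are only one route to the "create, delete, or alter" outcome the advisory describes; an injectable UPDATE or INSERT reaches the same result without them, and the parameterized form closes all of these routes at once.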
Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability
The Cisco Unified MeetingPlace Web Conferencing service contains a vulnerability that could allow an unauthenticated, remote attacker to create a buffer overrun condition that may cause the Web Conferencing server to become unresponsive.
The vulnerability is due to insufficient validation of some parameter values of an HTTP POST request. An attacker may be able to exploit this vulnerability by crafting the value of the vulnerable parameters in an HTTP POST request directed to the affected system. An exploit could allow the attacker to cause the Web Conferencing server to become unresponsive.
This vulnerability is documented in Cisco bug ID CSCua66341 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-5416.
-
No workarounds are available to mitigate these vulnerabilities.
-
Cisco has released software updates that address these vulnerabilities.
The following tables contain the first fixed releases of software:

Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability - CSCtx08939

Major Release    First Fixed Release
7.0              7.1MR1
7.1              7.1MR1
8.0              8.0MR1 Patch 1
8.5              8.5MR3

Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability - CSCua66341

Major Release    First Fixed Release
7.0              7.1MR1 Patch 1
7.1              7.1MR1 Patch 1
8.0              8.0MR1 Patch 1
8.5              8.5MR3

Recommended Releases
The following table lists all recommended releases. These recommended releases contain the fixes for all vulnerabilities in this advisory. Cisco recommends upgrading to a release that is equal to or later than these recommended releases.

Major Release    Recommended Release
7.0              Migrate to 7.1MR1 Patch 1
7.1              7.1MR1 Patch 1
8.0              8.0MR1 Patch 1
8.5              8.5MR3
When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability was reported to Cisco by Daniel Mende from ERNW GmbH.
Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability was found during internal tests.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.1    2012-November-27    Updated the "Vulnerable Products" section to indicate that versions prior to 7.0 are not affected by the SQL injection vulnerability.
Revision 1.0    2012-October-31     Initial public release.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.