CVE-2010-0140Sensitive Information Exposure in Cisco Unified Meetingplace

CWE-200Sensitive Information ExposureCWE-264CWE-287Improper Authentication5 documents5 sources
Severity
10.0CRITICALNVD
EPSS
0.6%
top 29.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Meetingplace
Timeline
PublishedJan 28
Latest updateMay 2

Description

Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDcisco/unified_meetingplace7 versions+6

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-8m94-mr2v-9fhp: Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 72022-05-02
CVEList
CVE-2010-0140: Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 72010-01-28

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Unified MeetingPlace2010-01-27

💬Community

1
Bugzilla
CVE-2010-0421 libpangoft2 segfaults on forged font files2010-01-15
CVE-2010-0140 — Sensitive Information Exposure in Cisco | cvebase