CVE-2010-0142 — Sensitive Information Exposure in Cisco Unified Meetingplace

CWE-264 CWE-200 — Sensitive Information Exposure CWE-287 — Improper Authentication4 documents4 sources

Severity

8.5HIGHNVD

EPSS

0.5%

top 35.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Meetingplace

Timeline

PublishedJan 28

Latest updateMay 2

Description

MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/unified_meetingplace4 versions+3

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-w226-g6hj-jc8p: MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentica↗2022-05-02

▶

CVEList

CVE-2010-0142: MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentica↗2010-01-28

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Unified MeetingPlace↗2010-01-27

▶