CVE-2013-1168Cisco Unified Meetingplace vulnerability

CWE-2644 documents4 sources
Severity
7.6HIGHNVD
EPSS
1.1%
top 22.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Meetingplace
Timeline
PublishedApr 11
Latest updateMay 17

Description

The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

NVDcisco/unified_meetingplace10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-fpmf-wc42-7p59: The web server in Cisco Unified MeetingPlace Application Server 72022-05-17
CVEList
CVE-2013-1168: The web server in Cisco Unified MeetingPlace Application Server 72013-04-11

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution2013-04-10
CVE-2013-1168 — Cisco vulnerability | cvebase