CVE-2015-0597Improper Input Validation in Cisco Webex Meetings Server

CWE-20Improper Input ValidationCWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 43.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Webex Meetings Server
Timeline
PublishedFeb 2
Latest updateMay 17

Description

The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDcisco/webex_meetings_server1.5\(.1.131\)

🔴Vulnerability Details

2
GHSA
GHSA-83c5-28q2-824v: The Forgot Password feature in Cisco WebEx Meetings Server 12022-05-17
CVEList
CVE-2015-0597: The Forgot Password feature in Cisco WebEx Meetings Server 12015-02-02

📋Vendor Advisories

1
Cisco
Cisco WebEx Meetings Server User Enumeration Vulnerability2015-01-30
CVE-2015-0597 — Improper Input Validation in Cisco | cvebase