CVE-2018-0359

CWE-3844 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 74.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Meeting Server
Timeline
PublishedJun 21
Latest updateMay 13

Description

A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected application does not assign a new session identifier to a user session when a user authenticates to the application. An attacker could exploit this vulnerability by using a hijacked session identifier to conn

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco_meeting_server_unknownCisco Meeting Server unknown

🔴Vulnerability Details

2
GHSA
GHSA-469v-7rvc-6p7q: A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an u2022-05-13
CVEList
CVE-2018-0359: A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an u2018-06-21

📋Vendor Advisories

1
Cisco
Cisco Meeting Server Session Fixation Vulnerability2018-06-20
CVE-2018-0359 (MEDIUM CVSS 5.5) | A vulnerability in the session iden | cvebase.io