Cisco WebEx Meetings Server Open Redirect Vulnerability


Description   (:A vulnerability has been identified in the Cisco WebEx Meetings Server (CWMS) web interface.:A remote, unauthenticated attacker could exploit it by inciting their victims to follow a specially crafted link in order to redirect to a malicious website.::The vulnerability is due to improper input validation of the parameters in the HTTP request.)
     
Vulnerable Products   Vulnerable OS:
WebEx Meetings Server (Cisco) - 2.6
     
Solution   Cisco has released new versions of WebEx Meetings Server which fix this vulnerability.
     
CVE   CVE-2016-1389
     
References   - cisco-sa-20160428-cwms : Cisco WebEx Meetings Server Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Site with open redirect
4.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2016-04-28 

 Target Type 
Server 

 Possible exploit 
Remote