Cisco WebEx Meeting Center Open Redirect Vulnerability


Description   A vulnerability was reported in Cisco WebEx Meeting Center.
A remote attacker could exploit it by enticing their victim into following a specially crafted link in order to redirect their to an arbitrary website.
This vulnerability stems from an improper validation of user input in certain parameters.
Cisco announces that a private exploitation code exists.
     
Vulnerable Products   Vulnerable Software:
WebEx Meeting Center (Cisco) - 2.5
     
Solution   No solution for the moment.
     
CVE   CVE-2015-4297
     
References   - CSCuv32136 : Cisco WebEx Meeting Center Open Redirect Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40427
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Site with open redirect
4.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2015-08-12 

 Target Type 
Server 

 Possible exploit 
Remote