CVE-2018-0263

CVE Database · CVE-2018-0263

CVE-2018-0263

· HIGHModified

CVSS v3.1

7.4

EPSS

0.74%

Published

Jun 7, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Weaknesses (CWE)

CWE-16CWE-1188

Affected Products (2)

cisco · meeting_server (up to 2.2.13)vulnerable

cisco · meeting_server (up to 2.3.4)vulnerable

References (6)

http://www.securityfocus.com/bid/104419

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041065

Third Party AdvisoryVDB Entry