[<prev] [next>] [day] [month] [year] [list]
Message-id: <201610121205.6.msc@psirt.cisco.com>
Date: Wed, 12 Oct 2016 12:05:50 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Meeting Server Client Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20161012-msc
Revision 1.0
For Public Release 2016 October 12 16:00 UTC (GMT)
Last Updated 2016 October 12 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP)
service of the Cisco Meeting Server (CMS) could allow an unauthenticated,
remote attacker to masquerade as a legitimate user. This vulnerability
is due to the XMPP service incorrectly processing a deprecated
authentication scheme. A successful exploit could allow an attacker to
access the system as another user.
Cisco has released software updates that address this vulnerability.
Workarounds that address this vulnerability in some environments are
available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc
-----BEGIN PGP SIGNATURE-----
iQIVAwUBV/5T1K89gD3EAJB5AQJXixAAya7sQ4U4yX6jUyZlGvudqvto/qHd4gj5
1KCqLAs6zo1xQ2FckY5ZcSRCmih3ePR3gn7MMa3hvyaPRrBqqIsStRcsbxgWKK4o
b3z82O3Ff/texUaVCGcPjOlW3Dyji0YNblq5WaNqoNyTDxHRsoF0q9ZfRCPQ7px7
ixH7sjlSnR7M5y8Xvx0ZHPrgD3dh0UFdBsywM8wWKAwMRMgnOK3R8TlbmvRNwEQu
JOjdiIjgiZ0f0mF4aqUNwSzkBbSBEZJ9PbHDWBfxcFnUu06Bja+wRIqIP+iaUFUB
RFZukZ19hPjbuIb3qeKOjpbvOBWdt6w+LGmaVLAvQGooFg3at/LhCfPjjKkPZxfy
E2kD2YjkI1iKbVU79qGmZZXydUp36Ec3uLQVKZJV0vYyg1Frrgh1NXBnQjjCJq1+
+yA3PB2REapoVF+GJ8S5Rce/xYuIh1BG5WMHDGtGKig01e34nvVKHaDVxUmvF/bu
Ldd3WyjJqd0hueeVeAMnogph4Yk9Q0g4WugNKex8gmiYnA6RVe/j6W8MUWLi2vb6
4wep9961nqk16hOeNhNGO9CU5NXNj2hPEMBwgcsA7RJDMLEQpuEmBpuBzxl17vya
vEdt/RQzKTho23POnsSpyucQ5TbXsiqtHxzN2lke9UH0zNKOLJXo+y0b/EElWSAC
AnmG++lEvcw=
=Y8pC
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists