Cisco Unified MeetingPlace Multiple Session Weaknesses

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is running a conferencing application with
multiple session weaknesses.

Description :

According to its self-reported version number, the installation of
Cisco Unified MeetingPlace hosted on the remote web server may be
affected by multiple session weaknesses :

- The application fails to invalidate a session upon a
  logout action, which makes it easier for remote
  attackers to hijack sessions by leveraging knowledge of
  a session cookie. (CVE-2013-1168)

- When the 'Remember Me' option is used, the application
  fails to properly verify cookies, which may allow an
  unauthenticated, remote attacker to impersonate users
  via crafted login requests. (CVE-2013-1169)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Additionally, the coarse nature of the version information Nessus
gathered is not enough to confirm that the application is vulnerable,
only that it might be affected.

Solution :

Upgrade to 7.1MR1 Patch 2 / 8.0MR1 Patch 2 / 8.5MR3 Patch 1 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 70078

Bugtraq ID: 59006

CVE ID: CVE-2013-1168
