CVE-2018-15446 MEDIUM

CVE-2018-15446: Cisco Meeting Server Information Disclosure Vulnerability

Vendor Cisco
Product Cisco Meeting Server
Weakness CWE-200 · Info exposure
Published November 8, 2018
Last update November 26, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits.

Key dates

02Disclosure timeline

November 8, 2018 CVE published
November 26, 2024 Record updated