Guest

Preview Tool

Cisco Bug: CSCum61175 - vulnerabilities with URLAPI 'BU' parameter

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Webex Meetings

Known Affected Releases

NotSpecified

Description (partial)

$IGNORE

Symptom:
This is a vulnerability in server-side code of a cloud services offering, and should not be made visible to customers. 

A vulnerability in the Cisco WebEx Meeting Center web interface which could allow an unauthenticated, 
remote attacker to redirect a user to a undesired web page. 
 
The vulnerability is due to improper input validation of the parameters of the HTTP 
request. 

An attacker could exploit this vulnerability by crafting a HTTP request which could 
cause the web application to redirect the request to a specified malicious Uniform 
Resource Locator (URL). This vulnerability is known as an Open Redirect Attack and used 
in phishing attacks to get users to visit malicious sites without their knowledge.

Conditions:
Device running with default configuration running an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.