Guest

Preview Tool

Cisco Bug: CSCus97452 - Cisco Unified MeetingPlace XML External Entity (XXE) Vulnerability

Last Modified

Feb 03, 2017

Products (1)

  • Cisco Unified MeetingPlace

Known Affected Releases

8.6(1.9)

Description (partial)

Symptom:
A vulnerability in the web based user interface of the way Cisco Unified MeetingPlace application 
could allow an authenticated, remote attacker to have ''read'' access to part of information stored
in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) when 
parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an
affected system to import a crafted XML file.

Conditions:
Cisco Unified MeetingPlace application devices running an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.