Cisco Bug: CSCus97452 - Cisco Unified MeetingPlace XML External Entity (XXE) Vulnerability
Feb 03, 2017
- Cisco Unified MeetingPlace
Known Affected Releases
Symptom: A vulnerability in the web based user interface of the way Cisco Unified MeetingPlace application could allow an authenticated, remote attacker to have ''read'' access to part of information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Conditions: Cisco Unified MeetingPlace application devices running an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases