Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco Meeting Server – CVE-2016-6445 flaw allows to impersonate legitimate users

Cisco fixed a critical vulnerability in the Cisco Meeting Server, tracked as CVE-2016-6445,  that allows remote attackers to impersonate legitimate users. A security vulnerability in Cisco Meeting Server, tracked as CVE-2016-6445, could be exploited by attackers to impersonate legitimate users. Experts from Cisco uncovered the vulnerability during a routine security audit of a customer. The hole resides […]

Cisco Meeting Server – CVE-2016-6445 flaw allows to impersonate legitimate users

Cisco fixed a critical vulnerability in the Cisco Meeting Server, tracked as CVE-2016-6445,  that allows remote attackers to impersonate legitimate users.

A security vulnerability in Cisco Meeting Server, tracked as CVE-2016-6445, could be exploited by attackers to impersonate legitimate users.

Experts from Cisco uncovered the vulnerability during a routine security audit of a customer.

The hole resides in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS). According to Cisco, the XMPP service incorrectly processes a deprecated authentication scheme allowing an unauthenticated attacker to access the system impersonating another user.

“A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to masquerade as a legitimate user.” reads the security advisory published by CISCO. “This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user.”

CVE-2016-6445 flaw cisco-meeting-server

The CVE-2016-6445 flaw affects the following versions of the Cisco Meeting Server:

  • Cisco Meeting Server prior to 2.0.6 with XMPP enabled. Acano Server prior to 1.8.18 and prior to 1.9.6 with XMPP enabled.
  • Acano Server prior to 1.8.18 and prior to 1.9.6 with XMPP enabled.

CISCO urges its customers to apply appropriate updates, it also suggests as a workaround to disable the XMPP protocol using the “xmpp disable” command.

According to the company, there is no evidence that the CVE-2016-6445 has been exploited in the wild.

This is the second advisory published by Cisco for Meeting Server, a first one was published in July and it was related to a persistent cross-site scripting (XSS) flaw that allowed an unauthenticated attacker to execute arbitrary code in the context of the product’s management interface.

“A vulnerability in the web bridge that offers video via a web interface of Cisco Meeting Server Software, formerly Acano Conferencing Server, could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web interface of an affected system.” stated the Cisco Advisory.
“The vulnerability is due to improper input validation of certain parameters that are passed to an affected device via an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a malicious link.”

Back to the CVE-2016-6445 flaw, the firmware updates can be downloaded from the CISCO Software Center (Products > Conferencing > Video Conferencing > Multiparty Conferencing > Meeting Server > Meeting Server 1000 > TelePresence Software).

Acano software can be downloaded from the Acano website.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – CVE-2016-6445, Cisco Meeting Server)