← Back

CVE-2015-4262

nvd nist
Published: Jul 24, 2015Modified: May 6, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.

Affected (17)

Cisco
1 product
Unified Meetingplace Web Conferencing
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Unified Meetingplace Web Conferencing
Version 6.0.417.0
Unified Meetingplace Web Conferencing
Version 6.0_base
Unified Meetingplace Web Conferencing
Version 7.0(1)
Unified Meetingplace Web Conferencing
Version 7.0(2)
Unified Meetingplace Web Conferencing
Version 7.0(2)_sr1
Unified Meetingplace Web Conferencing
Version 7.0(3)
Unified Meetingplace Web Conferencing
Version 7.1(1)
Unified Meetingplace Web Conferencing
Version 7.1(2)
Unified Meetingplace Web Conferencing
Version 8.0(1)
Unified Meetingplace Web Conferencing
Version 8.0(1)_sr1
Unified Meetingplace Web Conferencing
Version 8.0(2)
Unified Meetingplace Web Conferencing
Version 8.5(1)
Unified Meetingplace Web Conferencing
Version 8.5(2)
Unified Meetingplace Web Conferencing
Version 8.5(2)_sr1
Unified Meetingplace Web Conferencing
Version 8.5(2)_sr2
Unified Meetingplace Web Conferencing
Version 8.5(3)
Unified Meetingplace Web Conferencing
Version 8.5(4)

Related CWEs

CWE-255
CWE-255

References (4)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.