漏洞标题
N/A
漏洞描述信息
Cisco Meeting Server 中的一个漏洞可能导致未验证的远程攻击者获取受影响系统的组件或敏感信息,从而导致远程代码执行。该漏洞是由于设备默认配置不正确,可能会在系统外部接口暴露内部接口和端口。一个成功的漏洞利用可能导致攻击者获取受影响系统的配置和数据库文件以及敏感会议信息。此外,如果启用使用代理NAT(TURN)服务并使用传输层安全连接,攻击者可以利用 TURN 密码将流量转发到设备服务进程,从而实现远程攻击。此漏洞影响在 2.2.11 之前运行的 Cisco Meeting Server (CMS) Acano X 系列平台。Cisco Bug ID: CSCvg76469。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469.
CVSS信息
N/A
漏洞类别
配置
漏洞标题
Cisco Meeting Server Acano X-series Cisco Meeting Server Software 配置错误漏洞
漏洞描述信息
Cisco Meeting Server(CMS)Acano X-series是美国思科(Cisco)公司的一款会议服务器。Cisco Meeting Server(CMS)Software是运行在其中的一套视频会议系统。 CMS Acano X-series平台上的CMS Software 2.2.11之前版本存在配置错误漏洞。远程攻击者可利用该漏洞获取配置和数据库文件及敏感会议信息的访问权限。
CVSS信息
N/A
漏洞类别
配置错误