Cisco Unified MeetingPlace 跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1183520 漏洞类型 跨站脚本
发布时间 2009-02-27 更新时间 2009-03-06
CVE编号 CVE-2009-0743 CNNVD-ID CNNVD-200902-664
漏洞平台 N/A CVSS评分 3.5
|漏洞来源
https://cxsecurity.com/issue/WLB-2009030093
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-664
|漏洞详情
CiscoUnifiedMeetingPlace是美国思科(Cisco)公司的一套多媒体会议解决方案。该方案提供了将语音、视频和Web会议集成在一起的用户环境。UnifiedMeetingPlace允许用户修改自己的帐号设置,如名称、电话分机、邮件地址等。如果用户在配置文件页面设置了特制的E-mailAddress字段的话,则其他用户在查看该用户的配置文件或该用户所创建会议的详细信息时就会导致跨站脚本攻击,在浏览器会话中执行所嵌入的恶意代码。
|漏洞EXP
Title: 	Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability

CVE Identifier: N/A

____________

Credit:

Security Assurance Team of the National Australia Bank.

The vendor was advised of this vulnerability prior to its public release.  National Australia Bank adheres to the ?Guidelines for Security Vulnerability Reporting and Response V2.0? document when issuing Security Advisories.

Class: 	Stored Cross Site Scripting

____________

Remote:	Yes

____________

Local:	No

____________

Vulnerable:

Cisco Unified Meeting Place 6.0 and possibly 7.0 ? other versions may also be vulnerable.

____________

Not Vulnerable:

____________

Vendor:	Cisco

____________

Discussion:

Cisco Unified Meeting Place is a suite of products used for remote voice, video and web conferencing.  The Cisco Unified Meeting Place web interface allows users to schedule and attend conferences.

Each user has the ability to modify their own account settings such as their name, telephone extension, email address etc. National Australia Bank?s Security Assurance Team have identified a stored cross site scripting vulnerability that could be exploited by a malicious user to execute code within another user's browser when they view a meeting created by the malicious user.

____________

Exploit:

The ?E-mail Address? field of this profile page is vulnerable to stored cross site scripting attacks.

If a user enters the following in the email field, the code within the script tags will be executed whenever that user?s profile data is viewed by other users, including when viewing the details of a meeting created by this user:

"><script>INSERT JAVASCRIPT HERE</script>

Solution:

No workaround available.

This vulnerability is fixed in Cisco Unified MeetingPlace Web Conferencing software version 6.0(517.0) also known as Maintenance Release 4 (MR4) for the 6.0 release, and version 7.0(2) also known as Maintenance Release 1 (MR1) for the 7.0 release.

____________

References:

Vendor Homepage:

http://www.cisco.com
|参考资料

来源:CISCO
名称:20090226CiscoUnifiedMeetingPlaceStoredCross-SiteScriptingVulnerability
链接:http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html
来源:XF
名称:cisco-meetingplace-emailaddress-xss(48965)
链接:http://xforce.iss.net/xforce/xfdb/48965
来源:SECTRACK
名称:1021778
链接:http://www.securitytracker.com/id?1021778
来源:BID
名称:33915
链接:http://www.securityfocus.com/bid/33915
来源:BUGTRAQ
名称:20090225CiscoUnifiedMeetingPlaceWebConferencingStoredCrossSiteScriptingVulnerability
链接:http://www.securityfocus.com/archive/1/501251/30/0/threaded