{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-22T00:00:00", "descriptions": [{"lang": "en", "value": "The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-20T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20150722 Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp"}, {"name": "1033024", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033024"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-4262", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20150722 Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp"}, {"name": "1033024", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033024"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-4262", "datePublished": "2015-07-24T14:00:00", "dateReserved": "2015-06-04T00:00:00", "dateUpdated": "2017-09-20T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:6.0.417.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3D3E512-2A9F-43E0-A363-A9B7D81C2922", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:6.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "54B1E218-B378-4119-A439-23E74EA008C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "2BAD75EE-2B65-4E15-BCCD-02710E8FAECB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "13A4496E-D15C-4506-8551-A29C49533573", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\\(2\\)_sr1:*:*:*:*:*:*:*", "matchCriteriaId": "33682A2F-B5C4-4AEF-915E-DCDAE8A09891", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "D4D15FA7-CFDB-4DAD-854A-DF84B02ADEF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.1\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "449923E2-5772-400B-A353-0634774946AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.1\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "413A2232-EF73-4A00-96DF-F1BE3A12A532", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "69F97EA5-2520-4CD7-A4E8-BCBA3725A6F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.0\\(1\\)_sr1:*:*:*:*:*:*:*", "matchCriteriaId": "C7A3E983-29CD-4A3C-B0AF-DE9C904A83EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.0\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "E32E4F4B-F093-47BE-B57B-0BD373E82BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "2593F2B4-9583-4B58-8DE0-95C51DB21751", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "B2DB0F2C-AE4A-44E2-BCD1-6A6E642A3C4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(2\\)_sr1:*:*:*:*:*:*:*", "matchCriteriaId": "19D5C268-DC1A-47A5-89C1-E55AD534158E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(2\\)_sr2:*:*:*:*:*:*:*", "matchCriteriaId": "6F823F50-D4E5-41D5-84A9-3ECB76028293", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "9819C361-160B-46EE-818F-E25FF7DDA0F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "525417A0-E568-43AB-8BE4-6C1F93F6D935", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839."}, {"lang": "es", "value": "Vulnerabilidad en la funcionalidad password-change en Cisco Unified MeetingPlace Web Conferencing en versiones anteriores a la 8.5(5) MR3 y 8.6 anteriores a la 8.6(2), no comprueba el ID de sesi\u00f3n o exige el ingreso de la contrase\u00f1a actual, lo cual permite a atacantes remotos reiniciar arbitrariamente las contrase\u00f1as a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCuu51839."}], "id": "CVE-2015-4262", "lastModified": "2017-09-21T01:29:09.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-07-24T14:59:02.227", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1033024"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}