The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2015-07-24T14:00:00
Updated: 2017-09-20T09:57:01
Reserved: 2015-06-04T00:00:00
Link: CVE-2015-4262
JSON object: View
NVD Information
Status : Modified
Published: 2015-07-24T14:59:02.227
Modified: 2017-09-21T01:29:09.257
Link: CVE-2015-4262
JSON object: View
Redhat Information
No data.
CWE