Sign-up

ID

VAR-201211-0362


CVE

CVE-2012-5416


TITLE

Cisco Unified MeetingPlace Web Conferencing Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 56349 // CNNVD: CNNVD-201211-019

DESCRIPTION

Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341. Cisco Unified MeetingPlace Web Conferencing Contains a buffer overflow vulnerability. The problem is Bug ID CSCua66341 It is a problem.Service disruption by a third party ( Daemon hang ) There is a possibility of being put into a state. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. Note: This BID initially referenced CVE-2012-0337. This issue was already described in BID 53431. This solution provides a user environment that integrates voice, video and Web conferencing. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Cisco Unified MeetingPlace Web Conferencing SQL Injection and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA51103 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51103/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51103 RELEASE DATE: 2012-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/51103/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51103/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51103 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct SQL injection attacks and cause a DoS (Denial of Service). 1) Certain input is not properly sanitised before being used in SQL queries. The vulnerabilities are reported in versions prior to 7.0, 7.0, 7.1, 8.0, and 8.5. SOLUTION: Update to version 7.1MR1 Patch 1, 8.0MR1 Patch 1, or 8.5MR3. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Daniel Mende, ERNW GmbH. 2) Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2012-5416 // JVNDB: JVNDB-2012-005199 // BID: 56349 // VULHUB: VHN-58697 // PACKETSTORM: 117813

AFFECTED PRODUCTS

vendor:ciscomodel:unified meetingplacescope:eqversion:8.5.3

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.5

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.5.4

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.5.2

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:7.0.3

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:7.0.2

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.5.1

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.0

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:7.0

Trust: 1.0

vendor:ciscomodel:unified meetingplacescope:eqversion:7.1

Trust: 1.0

vendor:ciscomodel:unified meetingplacescope:eqversion:7.0.1

Trust: 1.0

vendor:ciscomodel:unified meetingplacescope:lteversion:7.1

Trust: 1.0

vendor:ciscomodel:unified meetingplace web conferencingscope:eqversion:8.5mr3

Trust: 0.8

vendor:ciscomodel:unified meetingplace web conferencingscope:ltversion:8.5

Trust: 0.8

vendor:ciscomodel:unified meetingplace web conferencingscope:eqversion:8.0mr1 patch 1

Trust: 0.8

vendor:ciscomodel:unified meetingplace web conferencingscope:ltversion:8.0

Trust: 0.8

vendor:ciscomodel:unified meetingplace web conferencingscope:eqversion:6.0.517.0

Trust: 0.3

vendor:ciscomodel:unified meetingplace web conferencingscope:eqversion:7.0

Trust: 0.3

vendor:ciscomodel:unified meetingplace web conferencingscope:eqversion:6.0

Trust: 0.3

sources: BID: 56349 // JVNDB: JVNDB-2012-005199 // CNNVD: CNNVD-201211-019 // NVD: CVE-2012-5416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5416
value: HIGH

Trust: 1.0

NVD: CVE-2012-5416
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201211-019
value: HIGH

Trust: 0.6

VULHUB: VHN-58697
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-5416
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-58697
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-58697 // JVNDB: JVNDB-2012-005199 // CNNVD: CNNVD-201211-019 // NVD: CVE-2012-5416

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-58697 // JVNDB: JVNDB-2012-005199 // NVD: CVE-2012-5416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201211-019

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201211-019

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-005199

PATCH
title:cisco-sa-20121031-mpurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp
Trust: 0.8
title:Release Notes for Cisco Unified MeetingPlace Release 8.5url:http://www.cisco.com/en/US/docs/voice_ip_comm/meetingplace/8_5/english/releasenotes/mp85rn.html
Trust: 0.8
title:cisco-sa-20121031-mpurl:http://www.cisco.com/cisco/web/support/JP/111/1116/1116755_cisco-sa-20121031-mp-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-005199

EXTERNAL IDS
db:NVDid:CVE-2012-5416
Trust: 2.8
db:OSVDBid:86859
Trust: 1.1
db:JVNDBid:JVNDB-2012-005199
Trust: 0.8
db:CNNVDid:CNNVD-201211-019
Trust: 0.7
db:SECUNIAid:51103
Trust: 0.7
db:CISCOid:20121031 MULTIPLE VULNERABILITIES IN CISCO UNIFIED MEETINGPLACE WEB CONFERENCING
Trust: 0.6
db:BIDid:56349
Trust: 0.4
db:VULHUBid:VHN-58697
Trust: 0.1
db:PACKETSTORMid:117813
Trust: 0.1
sources:
            
            
            VULHUB: VHN-58697 // 
            
            
            
            BID: 56349 // 
            
            
            
            JVNDB: JVNDB-2012-005199 // 
            
            
            
            PACKETSTORM: 117813 // 
            
            
            
            CNNVD: CNNVD-201211-019 // 
            
            
            
            NVD: CVE-2012-5416

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20121031-mp
Trust: 1.8
url:http://osvdb.org/86859
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/79721
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5416
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5416
Trust: 0.8
url:http://secunia.com/advisories/51103
Trust: 0.6
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/51103/#comments
Trust: 0.1
url:http://secunia.com/advisories/51103/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=51103
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/blog/325/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-58697 // 
            
            
            
            JVNDB: JVNDB-2012-005199 // 
            
            
            
            PACKETSTORM: 117813 // 
            
            
            
            CNNVD: CNNVD-201211-019 // 
            
            
            
            NVD: CVE-2012-5416

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 56349

SOURCES
db:VULHUBid:VHN-58697
db:BIDid:56349
db:JVNDBid:JVNDB-2012-005199
db:PACKETSTORMid:117813
db:CNNVDid:CNNVD-201211-019
db:NVDid:CVE-2012-5416

LAST UPDATE DATE
2025-04-11T23:18:55.947000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-58697date:2017-08-29T00:00:00
db:BIDid:56349date:2012-11-01T16:20:00
db:JVNDBid:JVNDB-2012-005199date:2012-12-14T00:00:00
db:CNNVDid:CNNVD-201211-019date:2012-11-05T00:00:00
db:NVDid:CVE-2012-5416date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-58697date:2012-11-02T00:00:00
db:BIDid:56349date:2012-10-31T00:00:00
db:JVNDBid:JVNDB-2012-005199date:2012-11-05T00:00:00
db:PACKETSTORMid:117813date:2012-11-01T06:57:53
db:CNNVDid:CNNVD-201211-019date:2012-11-05T00:00:00
db:NVDid:CVE-2012-5416date:2012-11-02T04:46:09.263