SecurityTracker.com
Category:   Device (Embedded Server/Appliance)  >   Cisco Meeting Server
Vendors:   Cisco
Cisco Meeting Server TURN Server Configuration Error Lets Remote Authenticated Users Access the Target System
SecurityTracker Alert ID:  1039357
SecurityTracker URL:  http://securitytracker.com/id/1039357
CVE Reference:   CVE-2017-12249
Date:  Sep 13 2017
Impact:   Host/resource access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco Meeting Server. A remote authenticated user can gain access to the target system.

A remote authenticated user can exploit a default configuration error in the Traversal Using Relays around NAT (TURN) server component to gain access to internal interfaces and ports on a Call Bridge, a Web Bridge, or a database cluster in the target system.

The specific impact depends on the deployment model and Cisco Meeting Server (CMS) services in use.

A TURN server is affected when it uses Transport Layer Security (TLS) connections, runs on the same virtual machine as other co-located CMS services, and runs on the same virtual machine as a Call Bridge, a Web Bridge, or a database node that is part of a database cluster in the target CMS deployment.

The vendor has assigned bug ID CSCvf51127 to this vulnerability.

Impact:   A remote authenticated user can gain access to components of the target system.
Solution:   The vendor has issued a fix (2.0.16, 2.1.11, 2.2.6).

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170913-cmsturn

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170913-cmsturn
Cause:   Configuration error

Message History:   None.


Copyright 2017, SecurityGlobal.net LLC