Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (Embedded Server/Appliance)  >   Cisco Meeting Server Vendors:   Cisco
Cisco Meeting Server TURN Server Configuration Error Lets Remote Authenticated Users Access the Target System
SecurityTracker Alert ID:  1039357
SecurityTracker URL:
CVE Reference:   CVE-2017-12249   (Links to External Site)
Date:  Sep 13 2017
Impact:   Host/resource access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco Meeting Server. A remote authenticated user can gain access to the target system.

The specific impact depends on the deployment model and Cisco Meeting Server (CMS) services in use.

TURN servers that use Transport Layer Security (TLS) connections, are running on the same virtual machine as other co-located CMS services, and are running on the same virtual machine as a Call Bridge, a Web Bridge, or a database node that is part of a database cluster in the target CMS deployment are affected.

The vendor has assigned bug ID CSCvf51127 to this vulnerability.

Impact:   A remote authenticated user can gain access to components of the target system.
Solution:   The vendor has issued a fix (2.0.16, 2.1.11, 2.2.6).

The vendor advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Configuration error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC