Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing

[Cisco Systems Product Security Incident Response Team <psirt () cisco com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified
MeetingPlace Web Conferencing

Advisory ID: cisco-sa-20121031-mp

Revision 1.0

For Public Release 2012 October 31 16:00  UTC (GMT)

+--------------------------------------------------------------------

Summary
=======

Cisco Unified MeetingPlace Web Conferencing is affected by two
vulnerabilities:

* Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability
* Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability

Exploitation of the Cisco Unified MeetingPlace Web Conferencing SQL
Injection Vulnerability may allow an unauthenticated, remote attacker
to send Structured Query Language (SQL) commands to manipulate the
MeetingPlace database stores information about server configuration,
meetings, and users. These commands may be used to create, delete, or
alter some of the information in the Cisco Unified MeetingPlace Web
Conferencing database.

Exploitation of the Cisco Unified MeetingPlace Web Conferencing Buffer
Overrun Vulnerability may allow an unauthenticated, remote attacker to
create a buffer overrun condition that may cause the Web Conferencing
server to become unresponsive.

Cisco has released free software updates that address these
vulnerabilities. There are no workarounds that mitigate these
vulnerabilities. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iF4EAREIAAYFAlCRS2sACgkQUddfH3/BbTqMAwD+MQwopEA45I2B7OCcFOkuDQ8/
TrGs6zU5Ne3h/adthZUA/jL0oa9uIVtgMmih5QPEjeNaFCsuLlQexhbPtycDJoOU
=gqZZ
-----END PGP SIGNATURE-----