Session Hijacking Vulnerability in Cisco Unified MeetingPlace Application Server

Session Hijacking Vulnerability in Cisco Unified MeetingPlace Application Server

CVE-2013-1168 · HIGH Severity

AV:N/AC:H/AU:N/C:C/I:C/A:C

The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.

Learn more about our Cis Benchmark Audit For Cisco.