Cisco Systems has patched a critical vulnerability that could allow hackers to gain access to Cisco Meeting and Acano servers that are used in enterprise environments for video and audio conferencing.
The flaw allows an unauthenticated attacker to masquerade as a legitimate user because the Extensible Messaging and Presence Protocol (XMPP) service incorrectly processes a deprecated authentication scheme, Cisco said in an advisory.
The flaw affects Cisco Meeting Server versions prior to 2.0.6 with XMPP enabled, as well as versions of the Acano Server prior to 1.8.18 and prior to 1.9.6. If upgrading to the latest releases is not immediately possible, administrators are advised to disable XMPP on their servers and keep using the other available protocols.
On Wednesday the company also patched a denial-of-service flaw in Cisco Wide Area Application Services (WAAS), a clickjacking flaw in the Cisco Unified Communications Manager (CUCM), an SQL injection vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface and an issue that could affect the configuration integrity of Cisco cBR-8 converged broadband routers.
All of these vulnerabilities are rated as medium severity and patches are available to fix them. However, the company also warned customers about a cross-site request forgery vulnerability in the Cisco Finesse Agent and Supervisor Desktop Software that does not yet have a fix or a workaround.
Cisco has also been investigating the impact of recent vulnerabilities found in OpenSSL to its products and released software updates for a large number of them that incorporate the OpenSSL patches.
- Known SS7 network flaw used to drain customer bank accounts
- Some of Netgear’s most popular routers have been hit by a major flaw
- Netgear customers warned to stop using flawed routers
- Yahoo fixes a severe security vulnerability in Yahoo Mail
- Worrying security flaw found in some Intel processors
- Intel Haswell chips open to malware flaw
- 10 Best Practices for Securing Big Data
- Apple fixes serious flaw in AirPort wireless routers
- Razer unveils new 15.6″ Razer Blade gaming laptop
- The One Mix Yoga is an ultra-compact 7-inch mini laptop