Menu
Cisco patches critical authentication flaw in conferencing servers

Cisco patches critical authentication flaw in conferencing servers

Hackers could exploit the issue to masquerade as legitimate users

Cisco Systems has patched a critical vulnerability that could allow hackers to gain access to Cisco Meeting and Acano servers that are used in enterprise environments for video and audio conferencing.

The flaw allows an unauthenticated attacker to masquerade as a legitimate user because the Extensible Messaging and Presence Protocol (XMPP) service incorrectly processes a deprecated authentication scheme, Cisco said in an advisory.

The flaw affects Cisco Meeting Server versions prior to 2.0.6 with XMPP enabled, as well as versions of the Acano Server prior to 1.8.18 and prior to 1.9.6. If upgrading to the latest releases is not immediately possible, administrators are advised to disable XMPP on their servers and keep using the other available protocols.

On Wednesday the company also patched a denial-of-service flaw in Cisco Wide Area Application Services (WAAS), a clickjacking flaw in the Cisco Unified Communications Manager (CUCM), an SQL injection vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface and an issue that could affect the configuration integrity of Cisco cBR-8 converged broadband routers.

All of these vulnerabilities are rated as medium severity and patches are available to fix them. However, the company also warned customers about a cross-site request forgery vulnerability in the Cisco Finesse Agent and Supervisor Desktop Software that does not yet have a fix or a workaround.

Cisco has also been investigating the impact of recent vulnerabilities found in OpenSSL to its products and released software updates for a large number of them that incorporate the OpenSSL patches.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments