CVE-2010-0140

Description

Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661.

Affected products

• Cisco / unified_meetingplace5.2 – 5.2
• Cisco / unified_meetingplace5.3 – 5.3
• Cisco / unified_meetingplace5.4 – 5.4
• Cisco / unified_meetingplace6.0 – 6.0
• Cisco / unified_meetingplace7.0 – 7.0
• Cisco / unified_meetingplace7.0.1 – 7.0.1
• Cisco / unified_meetingplace7.0.2 – 7.0.2

References

• VENDOR_ADVISORYhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml
• MISChttp://www.securityfocus.com/bid/37965