Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
837
Views
0
Helpful
2
Replies

Cisco Meeting Server Guest Access Security Vulnerability

Anas Hafez
Level 1
Level 1

‎11-15-2020 08:12 AM

I have a customer who have made a penetration test on CMS (internal and external) and a security vulnerability was found that CMS doesn't terminate guest session if too many wrong pass code or call id was entered which could be exploited in a DoS attack, is there any Cisco CVE or document detailing how to overcome this vulnerability ?

I have attached an image of the penetration test report

Labels:
Preview file
59 KB
0 Helpful
2 Replies 2

Jaime Valencia
Cisco Employee
Cisco Employee

‎11-15-2020 04:14 PM

Have you searched for that in the Cisco security advisories site online???

You can filter by product and find any for CMS.

HTH

java

if this helps, please rate
0 Helpful

Anas Hafez
Level 1
Level 1
In response to Jaime Valencia

‎11-17-2020 02:15 AM

As a matter of fact, I did, using Meeting Server and Cisco Meeting App as products but I didn’t find anything related to what I’m describing, I found a lot of DoS threads but none of them is related to the case I have described, actually I thought there’s no security risk in that regard in the first place (for example CMS actually terminates the session if a brute force attack is used) but I can’t seem to find any documentation confirming this.

0 Helpful
Customers Also Viewed These Support Documents