cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
936
Views
0
Helpful
2
Replies

Cisco Meeting Server Guest Access Security Vulnerability

Anas Hafez
Level 1
Level 1

I have a customer who have made a penetration test on CMS (internal and external) and a security vulnerability was found that CMS doesn't terminate guest session if too many wrong pass code or call id was entered which could be exploited in a DoS attack, is there any Cisco CVE or document detailing how to overcome this vulnerability ?

I have attached an image of the penetration test report

2 Replies 2

Jaime Valencia
Cisco Employee
Cisco Employee

Have you searched for that in the Cisco security advisories site online???

You can filter by product and find any for CMS.

HTH

java

if this helps, please rate

As a matter of fact, I did, using Meeting Server and Cisco Meeting App as products but I didn’t find anything related to what I’m describing, I found a lot of DoS threads but none of them is related to the case I have described, actually I thought there’s no security risk in that regard in the first place (for example CMS actually terminates the session if a brute force attack is used) but I can’t seem to find any documentation confirming this.