====================================================================

                             CERT-Renater

                  Note d'Information No. 2012/VULN439
____________________________________________________________________

DATE                :  31/10/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Cisco Unified MeetingPlace Web
                        Conferencing.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp
______________________________________________________________________

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified
MeetingPlace Web Conferencing

Advisory ID: cisco-sa-20121031-mp

Revision 1.0

For Public Release 2012 October 31 16:00  UTC (GMT)

+--------------------------------------------------------------------

Summary
=======

Cisco Unified MeetingPlace Web Conferencing is affected by two
vulnerabilities:

* Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability
* Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability

Exploitation of the Cisco Unified MeetingPlace Web Conferencing SQL
Injection Vulnerability may allow an unauthenticated, remote attacker
to send Structured Query Language (SQL) commands to manipulate the
MeetingPlace database stores information about server configuration,
meetings, and users. These commands may be used to create, delete, or
alter some of the information in the Cisco Unified MeetingPlace Web
Conferencing database.

Exploitation of the Cisco Unified MeetingPlace Web Conferencing Buffer
Overrun Vulnerability may allow an unauthenticated, remote attacker to
create a buffer overrun condition that may cause the Web Conferencing
server to become unresponsive.

Cisco has released free software updates that address these
vulnerabilities. There are no workarounds that mitigate these
vulnerabilities. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp

======================================================================

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================