Unrated severityNVD Advisory· Published Jul 24, 2015· Updated May 6, 2026
CVE-2015-4262
CVE-2015-4262
Description
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.
Affected products
17cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:6.0_base:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:6.0_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\(2\)_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.1\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.1\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.0\(1\)_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\(2\)_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\(2\)_sr2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\(4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:6.0.417.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.