CVE-2010-0140

Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661.

Published: Jan 28, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-0140
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / unified_meetingplace	5.3	5.3.x
cisco / unified_meetingplace	7.0	7.0.x
cisco / unified_meetingplace	7.0.1	7.0.1.x
cisco / unified_meetingplace	5.2	5.2.x
cisco / unified_meetingplace	7.0.2	7.0.2.x
cisco / unified_meetingplace	5.4	5.4.x
cisco / unified_meetingplace	6.0	6.0.x

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml
http://www.securityfocus.com/bid/37965

Vulnerability Database

289,697

CVE-2010-0140