Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 17, 2016

October 13, SecurityWeek – (International) Critical vulnerability patched in Cisco conferencing product. Cisco reported that its Cisco Meeting Server (CMS) prior to version 2.0.6 and Acano Server prior to versions 1.8.18 and 1.9.6 were plagued with a critical vulnerability affecting the Extensible Messaging and Presence Protocol (XMPP) service that could allow an unauthenticated attacker to access the system as another user if the XMPP is enabled on the affected devices, as the XMPP service incorrectly processes deprecated authentication schemes. The flaw was discovered during a routine security audit of a Cisco customer and there is no evidence the flaw has been exploited in the wild. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.