VIR Vulnerability Intelligence Relay

CVE-2013-1168

high
Published 2013-04-11 · Modified 2026-04-29
CVSS v3
CVSS v2
7.6
VIR risk
7.6

Description

The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp

Application impact
VendorProductVersionsFixed
cisco ciscounified_meetingplace7.0
cisco ciscounified_meetingplace7.0.1
cisco ciscounified_meetingplace7.0.2
cisco ciscounified_meetingplace7.0.3
cisco ciscounified_meetingplace7.1
cisco ciscounified_meetingplace8.0
cisco ciscounified_meetingplace8.5
cisco ciscounified_meetingplace8.5.1
cisco ciscounified_meetingplace8.5.2
cisco ciscounified_meetingplace8.5.3

References

Verify integrity in audit chain (admin only). AS-IS.