Cisco Meeting Server Cross-Site Request Forgery Vulnerability (CVE-2016-6444)
Source: pentest-tools.com (indexed 2025-03-26)
Download link:
https://pentest-tools.com/vulnerabilities-exploits/undefined
Resource description:
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow an attacker to submit arbitrary requests to the affected device via the Web Bridge with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
Provided by:
pentest-tools.com



