ID

VAR-201301-0348


CVE

CVE-2013-1109


TITLE

Cisco WebEx Training Center Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2013-001205

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCzu81067.

Trust: 1.98

sources: NVD: CVE-2013-1109 // JVNDB: JVNDB-2013-001205 // BID: 57489 // VULHUB: VHN-61111

AFFECTED PRODUCTS

vendor: cisco, model: webex training center, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: webex training center, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex training center, scope: eq, version: 0

Trust: 0.3

sources: BID: 57489 // JVNDB: JVNDB-2013-001205 // CNNVD: CNNVD-201301-370 // NVD: CVE-2013-1109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1109
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1109
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201301-370
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61111
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1109
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61111
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61111 // JVNDB: JVNDB-2013-001205 // CNNVD: CNNVD-201301-370 // NVD: CVE-2013-1109

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-61111 // JVNDB: JVNDB-2013-001205 // NVD: CVE-2013-1109

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-370

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201301-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001205

PATCH

title: Cross-Site Request Forgery Vulnerability in testingLibraryAction.do, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1109

Trust: 0.8

sources: JVNDB: JVNDB-2013-001205

EXTERNAL IDS

db: NVD, id: CVE-2013-1109

Trust: 2.8

db: SECTRACK, id: 1028016

Trust: 1.1

db: JVNDB, id: JVNDB-2013-001205

Trust: 0.8

db: CNNVD, id: CNNVD-201301-370

Trust: 0.7

db: CISCO, id: 20130114 CROSS-SITE REQUEST FORGERY VULNERABILITY IN TESTINGLIBRARYACTION.DO

Trust: 0.6

db: BID, id: 57489

Trust: 0.4

db: VULHUB, id: VHN-61111

Trust: 0.1

sources: VULHUB: VHN-61111 // BID: 57489 // JVNDB: JVNDB-2013-001205 // CNNVD: CNNVD-201301-370 // NVD: CVE-2013-1109

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1109

Trust: 2.0

url: http://www.securitytracker.com/id/1028016

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1109

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1109

Trust: 0.8

url: http://www.cisco.com/en/us/products/ps10410/index.html

Trust: 0.3

sources: VULHUB: VHN-61111 // BID: 57489 // JVNDB: JVNDB-2013-001205 // CNNVD: CNNVD-201301-370 // NVD: CVE-2013-1109

CREDITS

Cisco

Trust: 0.3

sources: BID: 57489

SOURCES

db: VULHUB, id: VHN-61111
db: BID, id: 57489
db: JVNDB, id: JVNDB-2013-001205
db: CNNVD, id: CNNVD-201301-370
db: NVD, id: CVE-2013-1109

LAST UPDATE DATE

2024-11-23T22:42:41.263000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-61111, date: 2013-02-02T00:00:00
db: BID, id: 57489, date: 2013-01-14T00:00:00
db: JVNDB, id: JVNDB-2013-001205, date: 2013-01-22T00:00:00
db: CNNVD, id: CNNVD-201301-370, date: 2013-01-21T00:00:00
db: NVD, id: CVE-2013-1109, date: 2024-11-21T01:48:55.423

SOURCES RELEASE DATE

db: VULHUB, id: VHN-61111, date: 2013-01-17T00:00:00
db: BID, id: 57489, date: 2013-01-14T00:00:00
db: JVNDB, id: JVNDB-2013-001205, date: 2013-01-22T00:00:00
db: CNNVD, id: CNNVD-201301-370, date: 2013-01-18T00:00:00
db: NVD, id: CVE-2013-1109, date: 2013-01-17T15:55:01.657