Sign-up

ID

VAR-201301-0349


CVE

CVE-2013-1110


TITLE

Cisco WebEx Training Center Vulnerabilities bypassing permissions restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2013-001230

DESCRIPTION

Cisco WebEx Training Center allow remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065. Cisco WebEx Training Center Has been bypassed by permissions, training-center Records of (1) Activation, or (2) There are vulnerabilities that are disabled. Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. Cisco WebEx is a set of Web conferencing tools developed by American Cisco (Cisco), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM)

Trust: 1.98

sources: NVD: CVE-2013-1110 // JVNDB: JVNDB-2013-001230 // BID: 57488 // VULHUB: VHN-61112

AFFECTED PRODUCTS

vendor:ciscomodel:webex training centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex training centerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2013-001230 // CNNVD: CNNVD-201301-405 // NVD: CVE-2013-1110

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1110
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1110
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201301-405
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61112
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1110
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61112
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61112 // JVNDB: JVNDB-2013-001230 // CNNVD: CNNVD-201301-405 // NVD: CVE-2013-1110

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-61112 // JVNDB: JVNDB-2013-001230 // NVD: CVE-2013-1110

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-405

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201301-405

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-001230

PATCH
title:Cisco WebEx Enable/Disable Availability of Recordingsurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1110
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-001230

EXTERNAL IDS
db:NVDid:CVE-2013-1110
Trust: 2.8
db:BIDid:57488
Trust: 1.4
db:SECTRACKid:1028013
Trust: 1.1
db:JVNDBid:JVNDB-2013-001230
Trust: 0.8
db:CNNVDid:CNNVD-201301-405
Trust: 0.7
db:CISCOid:20130116 CISCO WEBEX ENABLE/DISABLE AVAILABILITY OF RECORDINGS
Trust: 0.6
db:SEEBUGid:SSVID-60606
Trust: 0.1
db:VULHUBid:VHN-61112
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61112 // 
            
            
            
            BID: 57488 // 
            
            
            
            JVNDB: JVNDB-2013-001230 // 
            
            
            
            CNNVD: CNNVD-201301-405 // 
            
            
            
            NVD: CVE-2013-1110

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1110
Trust: 1.7
url:http://www.securityfocus.com/bid/57488
Trust: 1.1
url:http://www.securitytracker.com/id/1028013
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1110
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1110
Trust: 0.8
sources:
            
            
            VULHUB: VHN-61112 // 
            
            
            
            JVNDB: JVNDB-2013-001230 // 
            
            
            
            CNNVD: CNNVD-201301-405 // 
            
            
            
            NVD: CVE-2013-1110

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 57488

SOURCES
db:VULHUBid:VHN-61112
db:BIDid:57488
db:JVNDBid:JVNDB-2013-001230
db:CNNVDid:CNNVD-201301-405
db:NVDid:CVE-2013-1110

LAST UPDATE DATE
2024-11-23T22:13:53.911000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61112date:2013-02-02T00:00:00
db:BIDid:57488date:2013-01-22T00:00:00
db:JVNDBid:JVNDB-2013-001230date:2013-01-23T00:00:00
db:CNNVDid:CNNVD-201301-405date:2013-01-22T00:00:00
db:NVDid:CVE-2013-1110date:2024-11-21T01:48:55.533

SOURCES RELEASE DATE
db:VULHUBid:VHN-61112date:2013-01-21T00:00:00
db:BIDid:57488date:2013-01-22T00:00:00
db:JVNDBid:JVNDB-2013-001230date:2013-01-23T00:00:00
db:CNNVDid:CNNVD-201301-405date:2013-01-22T00:00:00
db:NVDid:CVE-2013-1110date:2013-01-21T21:55:01.603