ID

VAR-201305-0014


CVE

CVE-2012-6399


TITLE

SSL server impersonation vulnerability in Cisco WebEx running on iOS

Trust: 0.8

sources: JVNDB: JVNDB-2013-002832

DESCRIPTION

Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176. Cisco WebEx for iOS is prone to a security-bypass vulnerability. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid further attacks. Cisco WebEx for iOS 4.1 is vulnerable; other versions may also be affected. Cisco WebEx is a set of web conferencing tools developed by the American company Cisco that helps office workers in different locations coordinate and cooperate. WebEx services include web conferencing, telepresence video conferencing and enterprise instant messaging (IM).

Trust: 1.98

sources: NVD: CVE-2012-6399 // JVNDB: JVNDB-2013-002832 // BID: 60155 // VULHUB: VHN-59680

AFFECTED PRODUCTS

vendor: cisco, model: webex, scope: eq, version: 4.1

Trust: 1.6

vendor: cisco, model: webex, scope: eq, version: for ios 4.1

Trust: 0.8

vendor: cisco, model: webex for ios, scope: eq, version: 4.1

Trust: 0.3

sources: BID: 60155 // JVNDB: JVNDB-2013-002832 // CNNVD: CNNVD-201305-544 // NVD: CVE-2012-6399

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-6399
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-6399
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-544
value: MEDIUM

Trust: 0.6

VULHUB: VHN-59680
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-6399
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-59680
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-59680 // JVNDB: JVNDB-2013-002832 // CNNVD: CNNVD-201305-544 // NVD: CVE-2012-6399

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-59680 // JVNDB: JVNDB-2013-002832 // NVD: CVE-2012-6399

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-544

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201305-544

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002832

PATCH

title: Cisco WebEx, url: http://www.cisco.com/web/JP/product/hs/webex/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2013-002832

EXTERNAL IDS

db: NVD, id: CVE-2012-6399

Trust: 2.8

db: SECUNIA, id: 51412

Trust: 1.7

db: BID, id: 60155

Trust: 1.0

db: JVNDB, id: JVNDB-2013-002832

Trust: 0.8

db: CNNVD, id: CNNVD-201305-544

Trust: 0.7

db: SEEBUG, id: SSVID-60809

Trust: 0.1

db: VULHUB, id: VHN-59680

Trust: 0.1

sources: VULHUB: VHN-59680 // BID: 60155 // JVNDB: JVNDB-2013-002832 // CNNVD: CNNVD-201305-544 // NVD: CVE-2012-6399

REFERENCES

url:http://secunia.com/advisories/51412

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6399

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6399

Trust: 0.8

url:http://www.securityfocus.com/bid/60155

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:http://www.webex.com/

Trust: 0.3

sources: VULHUB: VHN-59680 // BID: 60155 // JVNDB: JVNDB-2013-002832 // CNNVD: CNNVD-201305-544 // NVD: CVE-2012-6399

CREDITS

Charlie Eriksen via Secunia.

Trust: 0.9

sources: BID: 60155 // CNNVD: CNNVD-201305-544

SOURCES

db: VULHUB, id: VHN-59680
db: BID, id: 60155
db: JVNDB, id: JVNDB-2013-002832
db: CNNVD, id: CNNVD-201305-544
db: NVD, id: CVE-2012-6399

LAST UPDATE DATE

2024-08-14T15:44:55.170000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-59680, date: 2013-05-28T00:00:00
db: BID, id: 60155, date: 2013-05-24T00:00:00
db: JVNDB, id: JVNDB-2013-002832, date: 2013-05-29T00:00:00
db: CNNVD, id: CNNVD-201305-544, date: 2013-05-28T00:00:00
db: NVD, id: CVE-2012-6399, date: 2013-05-28T04:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-59680, date: 2013-05-27T00:00:00
db: BID, id: 60155, date: 2013-05-24T00:00:00
db: JVNDB, id: JVNDB-2013-002832, date: 2013-05-29T00:00:00
db: CNNVD, id: CNNVD-201305-544, date: 2013-05-27T00:00:00
db: NVD, id: CVE-2012-6399, date: 2013-05-27T14:55:01.037