ID

VAR-201305-0118


CVE

CVE-2013-1245


TITLE

Vulnerability in Cisco WebEx Social that allows bypassing access restrictions on the user-management page

Trust: 0.8

sources: JVNDB: JVNDB-2013-002734

DESCRIPTION

The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190. The vendor has confirmed this vulnerability and released it as Bug ID CSCue67190. Remote authenticated users could bypass access restrictions through crafted requests. Cisco WebEx Social is prone to multiple security-bypass vulnerabilities. Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCue67190. Cisco WebEx Social is Cisco's enterprise collaboration platform. It provides functions such as voice, video, applications (Web conferencing, messaging, and mobile applications), and enterprise social software.

Trust: 1.98

sources: NVD: CVE-2013-1245 // JVNDB: JVNDB-2013-002734 // BID: 59871 // VULHUB: VHN-61247

AFFECTED PRODUCTS

vendor: cisco, model: webex social, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: webex social, scope: eq, version: 3.0(1)

Trust: 0.8

vendor: cisco, model: webex social, scope: eq, version: 3.1(0) sr1

Trust: 0.8

vendor: cisco, model: webex social, scope: eq, version: sr2

Trust: 0.8

vendor: cisco, model: webex social, scope: eq, version: sr3

Trust: 0.8

vendor: cisco, model: webex social, scope: eq, version: 3.1(1) sr1

Trust: 0.8

sources: JVNDB: JVNDB-2013-002734 // CNNVD: CNNVD-201305-311 // NVD: CVE-2013-1245

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1245
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1245
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-311
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61247
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1245
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61247
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61247 // JVNDB: JVNDB-2013-002734 // CNNVD: CNNVD-201305-311 // NVD: CVE-2013-1245

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-61247 // JVNDB: JVNDB-2013-002734 // NVD: CVE-2013-1245

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-311

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201305-311

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002734

PATCH

title: WebEx Social Client-Side Restriction Bypass Attribute Change Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1245

Trust: 0.8

title: 29338, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=29338

Trust: 0.8

sources: JVNDB: JVNDB-2013-002734

EXTERNAL IDS

db: NVD, id: CVE-2013-1245

Trust: 2.8

db: BID, id: 59871

Trust: 1.0

db: JVNDB, id: JVNDB-2013-002734

Trust: 0.8

db: CNNVD, id: CNNVD-201305-311

Trust: 0.7

db: NSFOCUS, id: 23709

Trust: 0.6

db: CISCO, id: 20130514 WEBEX SOCIAL CLIENT-SIDE RESTRICTION BYPASS ATTRIBUTE CHANGE VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-61247

Trust: 0.1

sources: VULHUB: VHN-61247 // BID: 59871 // JVNDB: JVNDB-2013-002734 // CNNVD: CNNVD-201305-311 // NVD: CVE-2013-1245

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1245

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1245

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1245

Trust: 0.8

url:http://www.securityfocus.com/bid/59871

Trust: 0.6

url:http://www.nsfocus.net/vulndb/23709

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-61247 // BID: 59871 // JVNDB: JVNDB-2013-002734 // CNNVD: CNNVD-201305-311 // NVD: CVE-2013-1245

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 59871

SOURCES

db: VULHUB, id: VHN-61247
db: BID, id: 59871
db: JVNDB, id: JVNDB-2013-002734
db: CNNVD, id: CNNVD-201305-311
db: NVD, id: CVE-2013-1245

LAST UPDATE DATE

2024-11-23T22:35:23.987000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-61247, date: 2013-05-16T00:00:00
db: BID, id: 59871, date: 2013-05-24T17:54:00
db: JVNDB, id: JVNDB-2013-002734, date: 2013-05-17T00:00:00
db: CNNVD, id: CNNVD-201305-311, date: 2013-05-16T00:00:00
db: NVD, id: CVE-2013-1245, date: 2024-11-21T01:49:10.970

SOURCES RELEASE DATE

db: VULHUB, id: VHN-61247, date: 2013-05-16T00:00:00
db: BID, id: 59871, date: 2013-05-14T00:00:00
db: JVNDB, id: JVNDB-2013-002734, date: 2013-05-17T00:00:00
db: CNNVD, id: CNNVD-201305-311, date: 2013-05-16T00:00:00
db: NVD, id: CVE-2013-1245, date: 2013-05-16T03:36:22.767