Sign-up

ID

VAR-201305-0162


CVE

CVE-2013-1231


TITLE

Cisco WebEx Node for MCS and WebEx Meetings Server Vulnerable to reading cache files

Trust: 0.8

sources: JVNDB: JVNDB-2013-002561

DESCRIPTION

The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629. Vendors have confirmed this vulnerability Bug ID CSCue36664 and CSCue36629 It is released as.A third party may be able to read the cache file through a specially crafted request. Cisco WebEx is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to certain files from the cache directory. Information obtained may aid in further attacks. Cisco WebEx is a set of Web conferencing tools developed by American Cisco (Cisco), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM)

Trust: 1.98

sources: NVD: CVE-2013-1231 // JVNDB: JVNDB-2013-002561 // BID: 59624 // VULHUB: VHN-61233

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex node for mcsscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:lteversion:1.1

Trust: 0.8

vendor:ciscomodel:webex node for mcsscope:lteversion:8.5(5)

Trust: 0.8

vendor:ciscomodel:webex node for mcsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:0

Trust: 0.3

sources: BID: 59624 // JVNDB: JVNDB-2013-002561 // CNNVD: CNNVD-201305-084 // NVD: CVE-2013-1231

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1231
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1231
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-084
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61233
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1231
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61233
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61233 // JVNDB: JVNDB-2013-002561 // CNNVD: CNNVD-201305-084 // NVD: CVE-2013-1231

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-61233 // JVNDB: JVNDB-2013-002561 // NVD: CVE-2013-1231

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-084

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201305-084

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002561

PATCH
title:Cisco WebEx Cache Directory Read Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1231
Trust: 0.8
title:29204url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29204
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002561

EXTERNAL IDS
db:NVDid:CVE-2013-1231
Trust: 2.8
db:JVNDBid:JVNDB-2013-002561
Trust: 0.8
db:CNNVDid:CNNVD-201305-084
Trust: 0.7
db:SECUNIAid:53313
Trust: 0.6
db:SECUNIAid:53297
Trust: 0.6
db:CISCOid:20130502 CISCO WEBEX CACHE DIRECTORY READ VULNERABILITY
Trust: 0.6
db:BIDid:59624
Trust: 0.4
db:VULHUBid:VHN-61233
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61233 // 
            
            
            
            BID: 59624 // 
            
            
            
            JVNDB: JVNDB-2013-002561 // 
            
            
            
            CNNVD: CNNVD-201305-084 // 
            
            
            
            NVD: CVE-2013-1231

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1231
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1231
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1231
Trust: 0.8
url:http://secunia.com/advisories/53297
Trust: 0.6
url:http://secunia.com/advisories/53313
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1231 
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61233 // 
            
            
            
            BID: 59624 // 
            
            
            
            JVNDB: JVNDB-2013-002561 // 
            
            
            
            CNNVD: CNNVD-201305-084 // 
            
            
            
            NVD: CVE-2013-1231

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 59624

SOURCES
db:VULHUBid:VHN-61233
db:BIDid:59624
db:JVNDBid:JVNDB-2013-002561
db:CNNVDid:CNNVD-201305-084
db:NVDid:CVE-2013-1231

LAST UPDATE DATE
2024-11-23T22:46:10.849000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61233date:2013-05-03T00:00:00
db:BIDid:59624date:2013-05-02T00:00:00
db:JVNDBid:JVNDB-2013-002561date:2013-05-07T00:00:00
db:CNNVDid:CNNVD-201305-084date:2013-05-06T00:00:00
db:NVDid:CVE-2013-1231date:2024-11-21T01:49:09.730

SOURCES RELEASE DATE
db:VULHUBid:VHN-61233date:2013-05-03T00:00:00
db:BIDid:59624date:2013-05-02T00:00:00
db:JVNDBid:JVNDB-2013-002561date:2013-05-07T00:00:00
db:CNNVDid:CNNVD-201305-084date:2013-05-06T00:00:00
db:NVDid:CVE-2013-1231date:2013-05-03T11:57:44.923