Details of VAR-201305-0163

ID

VAR-201305-0163

CVE

CVE-2013-1232

TITLE

plural Cisco WebEx Product HTTP Vulnerable to reading content in the implementation

Trust: 0.8

sources: JVNDB: JVNDB-2013-002562

DESCRIPTION

The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252. Vendors report this vulnerability Bug ID CSCue36672 , CSCue31363 , CSCuf17466 ,and CSCug61252 Published as.A third party could read the contents of the uninitialized memory area via a crafted request. Cisco WebEx is a web conferencing solution. A security vulnerability exists in the HTTP implementation of multiple Cisco WebEx products. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252. Cisco WebEx is a set of Web conferencing tools developed by American Cisco (Cisco), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM)

Trust: 2.61

sources: NVD: CVE-2013-1232 // JVNDB: JVNDB-2013-002562 // CNVD: CNVD-2013-05068 // BID: 59649 // VULHUB: VHN-61234 // VULMON: CVE-2013-1232

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-05068

AFFECTED PRODUCTS

vendor:	cisco	model:	webex node for asr 1000 series	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex node for mcs	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.1	Trust: 0.8
vendor:	cisco	model:	webex node for asr 1000 series	scope:	eq	version:	15.3(01)s	Trust: 0.8
vendor:	cisco	model:	webex node for mcs	scope:	lte	version:	8.5(5)	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	webex node for mcs	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	webex node for asr series	scope:	eq	version:	1000	Trust: 0.6
vendor:	cisco	model:	webex node for mcs	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex node for asr series	scope:	eq	version:	10000	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2013-05068 // BID: 59649 // JVNDB: JVNDB-2013-002562 // CNNVD: CNNVD-201305-088 // NVD: CVE-2013-1232

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1232
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1232
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-05068
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201305-088
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61234
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2013-1232
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1232
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2013-05068
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-61234
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-05068 // VULHUB: VHN-61234 // VULMON: CVE-2013-1232 // JVNDB: JVNDB-2013-002562 // CNNVD: CNNVD-201305-088 // NVD: CVE-2013-1232

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-61234 // JVNDB: JVNDB-2013-002562 // NVD: CVE-2013-1232

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-088

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201305-088

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002562

PATCH

title:	Cisco WebEx Uninitialized Memory Read Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232	Trust: 0.8
title:	29217	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29217	Trust: 0.8
title:	Patch for Cisco WebEx Memory Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/33862	Trust: 0.6

sources: CNVD: CNVD-2013-05068 // JVNDB: JVNDB-2013-002562

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1232	Trust: 3.5
db:	BID	id:	59649	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002562	Trust: 0.8
db:	CNNVD	id:	CNNVD-201305-088	Trust: 0.7
db:	CNVD	id:	CNVD-2013-05068	Trust: 0.6
db:	CISCO	id:	20130503 CISCO WEBEX UNITIALIZED MEMORY READ VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-61234	Trust: 0.1
db:	VULMON	id:	CVE-2013-1232	Trust: 0.1

sources: CNVD: CNVD-2013-05068 // VULHUB: VHN-61234 // VULMON: CVE-2013-1232 // BID: 59649 // JVNDB: JVNDB-2013-002562 // CNNVD: CNNVD-201305-088 // NVD: CVE-2013-1232

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1232	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1232	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1232	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1232	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2013-05068 // VULHUB: VHN-61234 // VULMON: CVE-2013-1232 // BID: 59649 // JVNDB: JVNDB-2013-002562 // CNNVD: CNNVD-201305-088 // NVD: CVE-2013-1232

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 59649

SOURCES

db:	CNVD	id:	CNVD-2013-05068
db:	VULHUB	id:	VHN-61234
db:	VULMON	id:	CVE-2013-1232
db:	BID	id:	59649
db:	JVNDB	id:	JVNDB-2013-002562
db:	CNNVD	id:	CNNVD-201305-088
db:	NVD	id:	CVE-2013-1232

LAST UPDATE DATE

2024-11-23T22:49:34.979000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-05068	date:	2013-05-27T00:00:00
db:	VULHUB	id:	VHN-61234	date:	2013-05-06T00:00:00
db:	VULMON	id:	CVE-2013-1232	date:	2013-05-06T00:00:00
db:	BID	id:	59649	date:	2013-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-002562	date:	2013-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201305-088	date:	2013-05-06T00:00:00
db:	NVD	id:	CVE-2013-1232	date:	2024-11-21T01:49:09.843

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-05068	date:	2013-05-10T00:00:00
db:	VULHUB	id:	VHN-61234	date:	2013-05-04T00:00:00
db:	VULMON	id:	CVE-2013-1232	date:	2013-05-04T00:00:00
db:	BID	id:	59649	date:	2013-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-002562	date:	2013-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201305-088	date:	2013-05-06T00:00:00
db:	NVD	id:	CVE-2013-1232	date:	2013-05-04T03:24:41.700