Sign-up

ID

VAR-201306-0137


CVE

CVE-2013-1205


TITLE

Cisco WebEx Meetings Server of Event Center Vulnerability to break host key and event password in module

Trust: 0.8

sources: JVNDB: JVNDB-2013-002904

DESCRIPTION

The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485. Vendors have confirmed this vulnerability Bug ID CSCue62485 It is released as.Skillfully crafted by a third party URL The host key and event password may be broken through. Cisco WebEx Meetings Server is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. Cisco WebEx Meetings Server 1.0 is vulnerable. Cisco WebEx is a set of Web conferencing tools developed by American Cisco (Cisco), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM)

Trust: 1.98

sources: NVD: CVE-2013-1205 // JVNDB: JVNDB-2013-002904 // BID: 60373 // VULHUB: VHN-61207

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope:eqversion:1.0

Trust: 0.3

sources: BID: 60373 // JVNDB: JVNDB-2013-002904 // CNNVD: CNNVD-201306-117 // NVD: CVE-2013-1205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1205
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1205
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201306-117
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61207
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1205
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61207
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61207 // JVNDB: JVNDB-2013-002904 // CNNVD: CNNVD-201306-117 // NVD: CVE-2013-1205

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-61207 // JVNDB: JVNDB-2013-002904 // NVD: CVE-2013-1205

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-117

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201306-117

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002904

PATCH
title:Cisco WebEx Meetings Server Information Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1205
Trust: 0.8
title:29578url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29578
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002904

EXTERNAL IDS
db:NVDid:CVE-2013-1205
Trust: 2.8
db:JVNDBid:JVNDB-2013-002904
Trust: 0.8
db:CNNVDid:CNNVD-201306-117
Trust: 0.7
db:CISCOid:20130604 CISCO WEBEX MEETINGS SERVER INFORMATION DISCLOSURE VULNERABILITY
Trust: 0.6
db:SECUNIAid:53731
Trust: 0.6
db:BIDid:60373
Trust: 0.4
db:SEEBUGid:SSVID-60841
Trust: 0.1
db:VULHUBid:VHN-61207
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61207 // 
            
            
            
            BID: 60373 // 
            
            
            
            JVNDB: JVNDB-2013-002904 // 
            
            
            
            CNNVD: CNNVD-201306-117 // 
            
            
            
            NVD: CVE-2013-1205

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1205
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1205
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1205
Trust: 0.8
url:http://secunia.com/advisories/53731
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps12732/index.html
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=29578
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61207 // 
            
            
            
            BID: 60373 // 
            
            
            
            JVNDB: JVNDB-2013-002904 // 
            
            
            
            CNNVD: CNNVD-201306-117 // 
            
            
            
            NVD: CVE-2013-1205

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 60373

SOURCES
db:VULHUBid:VHN-61207
db:BIDid:60373
db:JVNDBid:JVNDB-2013-002904
db:CNNVDid:CNNVD-201306-117
db:NVDid:CVE-2013-1205

LAST UPDATE DATE
2024-08-14T14:40:25.976000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61207date:2013-06-06T00:00:00
db:BIDid:60373date:2013-06-05T00:00:00
db:JVNDBid:JVNDB-2013-002904date:2013-06-07T00:00:00
db:CNNVDid:CNNVD-201306-117date:2013-06-07T00:00:00
db:NVDid:CVE-2013-1205date:2013-06-06T14:34:00.280

SOURCES RELEASE DATE
db:VULHUBid:VHN-61207date:2013-06-06T00:00:00
db:BIDid:60373date:2013-06-05T00:00:00
db:JVNDBid:JVNDB-2013-002904date:2013-06-07T00:00:00
db:CNNVDid:CNNVD-201306-117date:2013-06-07T00:00:00
db:NVDid:CVE-2013-1205date:2013-06-06T13:02:13.007