Details of VAR-201306-0170

ID

VAR-201306-0170

CVE

CVE-2013-3392

TITLE

Cisco WebEx Social Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2013-003096

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco WebEx Social allow remote attackers to hijack the authentication of arbitrary users via unspecified vectors, aka Bug IDs CSCuh10405 and CSCuh10355. Cisco WebEx Social Contains a cross-site request forgery vulnerability. Vendors have confirmed this vulnerability Bug ID CSCuh10405 and CSCuh10355 It is released as.A third party may be able to hijack arbitrary user authentication. Exploiting these issues may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible. These issues are being tracked by Cisco Bug IDs CSCuh10405 and CSCuh10355. Cisco WebEx Social is an enterprise collaboration system platform of Cisco (Cisco). The system platform provides functions such as voice, video, applications (Web conferencing applications, messaging applications, mobile applications) and enterprise social software. A remote attacker could exploit these vulnerabilities to hijack authentication of any user

Trust: 1.98

sources: NVD: CVE-2013-3392 // JVNDB: JVNDB-2013-003096 // BID: 60723 // VULHUB: VHN-63394

AFFECTED PRODUCTS

vendor:	cisco	model:	webex social	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex social	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex social sr1	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	webex social	scope:	eq	version:	3.3(1)	Trust: 0.3
vendor:	cisco	model:	webex social sr3	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	webex social sr2	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	webex social sr1	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	webex social	scope:	eq	version:	3.1(0)	Trust: 0.3
vendor:	cisco	model:	webex social sr3	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	webex social sr2	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	webex social sr1	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	webex social	scope:	eq	version:	3.0(1)	Trust: 0.3
vendor:	cisco	model:	webex social	scope:	eq	version:	1.1.0	Trust: 0.3

sources: BID: 60723 // JVNDB: JVNDB-2013-003096 // CNNVD: CNNVD-201306-420 // NVD: CVE-2013-3392

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3392
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3392
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201306-420
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63394
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3392
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63394
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63394 // JVNDB: JVNDB-2013-003096 // CNNVD: CNNVD-201306-420 // NVD: CVE-2013-3392

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-63394 // JVNDB: JVNDB-2013-003096 // NVD: CVE-2013-3392

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-420

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201306-420

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003096

PATCH

title:	Cisco WebEx Social Cross-Site Request Forgery Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3392	Trust: 0.8
title:	29747	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29747	Trust: 0.8

sources: JVNDB: JVNDB-2013-003096

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3392	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-003096	Trust: 0.8
db:	CNNVD	id:	CNNVD-201306-420	Trust: 0.7
db:	CISCO	id:	20130621 CISCO WEBEX SOCIAL CROSS-SITE REQUEST FORGERY VULNERABILITY	Trust: 0.6
db:	BID	id:	60723	Trust: 0.4
db:	VULHUB	id:	VHN-63394	Trust: 0.1

sources: VULHUB: VHN-63394 // BID: 60723 // JVNDB: JVNDB-2013-003096 // CNNVD: CNNVD-201306-420 // NVD: CVE-2013-3392

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3392	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3392	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3392	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/web/products/quad/index.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=29747	Trust: 0.3

sources: VULHUB: VHN-63394 // BID: 60723 // JVNDB: JVNDB-2013-003096 // CNNVD: CNNVD-201306-420 // NVD: CVE-2013-3392

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 60723

SOURCES

db:	VULHUB	id:	VHN-63394
db:	BID	id:	60723
db:	JVNDB	id:	JVNDB-2013-003096
db:	CNNVD	id:	CNNVD-201306-420
db:	NVD	id:	CVE-2013-3392

LAST UPDATE DATE

2024-08-14T13:48:29.251000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63394	date:	2013-06-24T00:00:00
db:	BID	id:	60723	date:	2013-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-003096	date:	2013-06-25T00:00:00
db:	CNNVD	id:	CNNVD-201306-420	date:	2013-06-27T00:00:00
db:	NVD	id:	CVE-2013-3392	date:	2013-06-24T22:16:56.787

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63394	date:	2013-06-21T00:00:00
db:	BID	id:	60723	date:	2013-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-003096	date:	2013-06-25T00:00:00
db:	CNNVD	id:	CNNVD-201306-420	date:	2013-06-27T00:00:00
db:	NVD	id:	CVE-2013-3392	date:	2013-06-21T21:55:00.987