Sign-up

ID

VAR-201307-0210


CVE

CVE-2013-3425


TITLE

Cisco WebEx of Meeting Center Component enumerated file vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003580

DESCRIPTION

The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965. WebEx is prone to a remote security vulnerability. Cisco WebEx is a set of Web conferencing tools developed by American Cisco (Cisco), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM). There is a security vulnerability in the Meeting Center component of Cisco WebEx version 11.0. Attackers can use these error messages through a series of SPI Call enumeration file

Trust: 1.98

sources: NVD: CVE-2013-3425 // JVNDB: JVNDB-2013-003580 // BID: 78023 // VULHUB: VHN-63427

AFFECTED PRODUCTS

vendor:ciscomodel:webexscope:eqversion:11.0

Trust: 1.9

vendor:ciscomodel:webexscope:eqversion:11

Trust: 0.8

sources: BID: 78023 // JVNDB: JVNDB-2013-003580 // CNNVD: CNNVD-201307-664 // NVD: CVE-2013-3425

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3425
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3425
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-664
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63427
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3425
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63427
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63427 // JVNDB: JVNDB-2013-003580 // CNNVD: CNNVD-201307-664 // NVD: CVE-2013-3425

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-63427 // JVNDB: JVNDB-2013-003580 // NVD: CVE-2013-3425

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-664

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201307-664

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003580

PATCH
title:Cisco WebEx Information Disclosure through Inconsistent Error Messages Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003580

EXTERNAL IDS
db:NVDid:CVE-2013-3425
Trust: 2.8
db:OSVDBid:95876
Trust: 1.1
db:JVNDBid:JVNDB-2013-003580
Trust: 0.8
db:CNNVDid:CNNVD-201307-664
Trust: 0.7
db:CISCOid:20130730 CISCO WEBEX INFORMATION DISCLOSURE THROUGH INCONSISTENT ERROR MESSAGES VULNERABILITY
Trust: 0.6
db:BIDid:78023
Trust: 0.4
db:XFid:86150
Trust: 0.3
db:VULHUBid:VHN-63427
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63427 // 
            
            
            
            BID: 78023 // 
            
            
            
            JVNDB: JVNDB-2013-003580 // 
            
            
            
            CNNVD: CNNVD-201307-664 // 
            
            
            
            NVD: CVE-2013-3425

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3425
Trust: 2.0
url:http://osvdb.org/95876
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/86150
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3425
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3425
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/86150
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63427 // 
            
            
            
            BID: 78023 // 
            
            
            
            JVNDB: JVNDB-2013-003580 // 
            
            
            
            CNNVD: CNNVD-201307-664 // 
            
            
            
            NVD: CVE-2013-3425

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78023

SOURCES
db:VULHUBid:VHN-63427
db:BIDid:78023
db:JVNDBid:JVNDB-2013-003580
db:CNNVDid:CNNVD-201307-664
db:NVDid:CVE-2013-3425

LAST UPDATE DATE
2024-08-14T14:58:18.992000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63427date:2017-08-29T00:00:00
db:BIDid:78023date:2013-07-31T00:00:00
db:JVNDBid:JVNDB-2013-003580date:2013-08-01T00:00:00
db:CNNVDid:CNNVD-201307-664date:2013-08-16T00:00:00
db:NVDid:CVE-2013-3425date:2017-08-29T01:33:23.183

SOURCES RELEASE DATE
db:VULHUBid:VHN-63427date:2013-07-31T00:00:00
db:BIDid:78023date:2013-07-31T00:00:00
db:JVNDBid:JVNDB-2013-003580date:2013-08-01T00:00:00
db:CNNVDid:CNNVD-201307-664date:2013-07-31T00:00:00
db:NVDid:CVE-2013-3425date:2013-07-31T13:20:18.877