Sign-up

ID

VAR-201307-0225


CVE

CVE-2013-3438


TITLE

Cisco Unified MeetingPlace Web Conferencing Vulnerabilities that prevent access restrictions on the server

Trust: 0.8

sources: JVNDB: JVNDB-2013-003506

DESCRIPTION

The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385. Vendors have confirmed this vulnerability Bug ID CSCuh86385 It is released as.Access restrictions can be avoided and unspecified by a third party through crafted parameters. Web The page may be vulnerable to read. Exploiting this issue could allow an attacker to bypass certain security restrictions and obtain unauthorized access to sensitive information on the affected device. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuh86385

Trust: 1.98

sources: NVD: CVE-2013-3438 // JVNDB: JVNDB-2013-003506 // BID: 61417 // VULHUB: VHN-63440

AFFECTED PRODUCTS

vendor:ciscomodel:unified meetingplace web conferencingscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified meetingplace web conferencingscope:lteversion:8.5 sr2(4)

Trust: 0.8

vendor:ciscomodel:unified meetingplace web conferencingscope:eqversion:7.0

Trust: 0.3

vendor:ciscomodel:unified meetingplace web conferencingscope:eqversion:6.0

Trust: 0.3

sources: BID: 61417 // JVNDB: JVNDB-2013-003506 // CNNVD: CNNVD-201307-504 // NVD: CVE-2013-3438

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3438
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3438
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-504
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63440
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3438
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63440
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63440 // JVNDB: JVNDB-2013-003506 // CNNVD: CNNVD-201307-504 // NVD: CVE-2013-3438

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-63440 // JVNDB: JVNDB-2013-003506 // NVD: CVE-2013-3438

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-504

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201307-504

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003506

PATCH
title:Cisco Unified MeetingPlace Web Conferencing Authorization By-pass Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3438
Trust: 0.8
title:30186url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30186
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003506

EXTERNAL IDS
db:NVDid:CVE-2013-3438
Trust: 2.8
db:OSVDBid:95583
Trust: 1.1
db:JVNDBid:JVNDB-2013-003506
Trust: 0.8
db:CNNVDid:CNNVD-201307-504
Trust: 0.7
db:CISCOid:20130723 CISCO UNIFIED MEETINGPLACE WEB CONFERENCING AUTHORIZATION BY-PASS VULNERABILITY
Trust: 0.6
db:BIDid:61417
Trust: 0.4
db:VULHUBid:VHN-63440
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63440 // 
            
            
            
            BID: 61417 // 
            
            
            
            JVNDB: JVNDB-2013-003506 // 
            
            
            
            CNNVD: CNNVD-201307-504 // 
            
            
            
            NVD: CVE-2013-3438

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3438
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30186
Trust: 1.1
url:http://osvdb.org/95583
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3438
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3438
Trust: 0.8
sources:
            
            
            VULHUB: VHN-63440 // 
            
            
            
            JVNDB: JVNDB-2013-003506 // 
            
            
            
            CNNVD: CNNVD-201307-504 // 
            
            
            
            NVD: CVE-2013-3438

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 61417

SOURCES
db:VULHUBid:VHN-63440
db:BIDid:61417
db:JVNDBid:JVNDB-2013-003506
db:CNNVDid:CNNVD-201307-504
db:NVDid:CVE-2013-3438

LAST UPDATE DATE
2024-08-14T15:35:13.302000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63440date:2016-09-16T00:00:00
db:BIDid:61417date:2013-07-24T00:00:00
db:JVNDBid:JVNDB-2013-003506date:2013-07-25T00:00:00
db:CNNVDid:CNNVD-201307-504date:2013-07-30T00:00:00
db:NVDid:CVE-2013-3438date:2016-09-16T18:03:25.617

SOURCES RELEASE DATE
db:VULHUBid:VHN-63440date:2013-07-24T00:00:00
db:BIDid:61417date:2013-07-24T00:00:00
db:JVNDBid:JVNDB-2013-003506date:2013-07-25T00:00:00
db:CNNVDid:CNNVD-201307-504date:2013-07-30T00:00:00
db:NVDid:CVE-2013-3438date:2013-07-24T12:01:57.703