ID

VAR-201308-0092


CVE

CVE-2013-3448


TITLE

Cisco WebEx Meetings Server Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2013-003633

DESCRIPTION

Cisco WebEx Meetings Server does not check whether a user account is active, which allows remote authenticated users to bypass intended access restrictions by performing meeting operations after account deactivation, aka Bug ID CSCuh33315. Cisco WebEx is a web conferencing solution. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the vulnerable application. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCuh33315. Cisco WebEx Meetings Server (CWMS) is a multi-functional conferencing product in Cisco's WebEx line that covers audio, video and web conferencing.

Trust: 2.52

sources: NVD: CVE-2013-3448 // JVNDB: JVNDB-2013-003633 // CNVD: CNVD-2013-11624 // BID: 61572 // VULHUB: VHN-63450

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-11624

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings server, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: webex meetings server, scope: eq, version: 1.1

Trust: 0.9

vendor: cisco, model: webex meetings server, scope: lte, version: 1.1

Trust: 0.8

vendor: cisco, model: webex meetings server, scope: eq, version: 1.0

Trust: 0.3

sources: CNVD: CNVD-2013-11624 // BID: 61572 // JVNDB: JVNDB-2013-003633 // CNNVD: CNNVD-201308-020 // NVD: CVE-2013-3448

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3448
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3448
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-11624
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201308-020
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63450
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3448
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-11624
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-63450
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-11624 // VULHUB: VHN-63450 // JVNDB: JVNDB-2013-003633 // CNNVD: CNNVD-201308-020 // NVD: CVE-2013-3448

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-63450 // JVNDB: JVNDB-2013-003633 // NVD: CVE-2013-3448

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-020

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201308-020

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003633

PATCH

title: Cisco WebEx Meetings Server Inactive User Authentication Bypass Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3448

Trust: 0.8

title: 30277
url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30277

Trust: 0.8

title: Cisco WebEx Meetings Server Expired User Remote Authentication Bypass Vulnerability Patch
url: https://www.cnvd.org.cn/patchInfo/show/38031

Trust: 0.6

sources: CNVD: CNVD-2013-11624 // JVNDB: JVNDB-2013-003633

EXTERNAL IDS

db: NVD, id: CVE-2013-3448

Trust: 3.4

db: BID, id: 61572

Trust: 2.0

db: OSVDB, id: 95880

Trust: 1.1

db: JVNDB, id: JVNDB-2013-003633

Trust: 0.8

db: CNNVD, id: CNNVD-201308-020

Trust: 0.7

db: CNVD, id: CNVD-2013-11624

Trust: 0.6

db: CISCO, id: 20130731 CISCO WEBEX MEETINGS SERVER INACTIVE USER AUTHENTICATION BYPASS VULNERABILITY

Trust: 0.6

db: SEEBUG, id: SSVID-60935

Trust: 0.1

db: VULHUB, id: VHN-63450

Trust: 0.1

sources: CNVD: CNVD-2013-11624 // VULHUB: VHN-63450 // BID: 61572 // JVNDB: JVNDB-2013-003633 // CNNVD: CNNVD-201308-020 // NVD: CVE-2013-3448

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3448

Trust: 2.6

url:http://tools.cisco.com/security/center/viewalert.x?alertid=30277

Trust: 2.0

url:http://www.securityfocus.com/bid/61572

Trust: 1.1

url:http://osvdb.org/95880

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3448

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3448

Trust: 0.8

url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscuh33315

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2013-11624 // VULHUB: VHN-63450 // BID: 61572 // JVNDB: JVNDB-2013-003633 // CNNVD: CNNVD-201308-020 // NVD: CVE-2013-3448

CREDITS

Cisco

Trust: 0.3

sources: BID: 61572

SOURCES

db: CNVD, id: CNVD-2013-11624
db: VULHUB, id: VHN-63450
db: BID, id: 61572
db: JVNDB, id: JVNDB-2013-003633
db: CNNVD, id: CNNVD-201308-020
db: NVD, id: CVE-2013-3448

LAST UPDATE DATE

2024-08-14T15:24:49.262000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-11624, date: 2013-08-06T00:00:00
db: VULHUB, id: VHN-63450, date: 2016-09-16T00:00:00
db: BID, id: 61572, date: 2013-08-01T00:00:00
db: JVNDB, id: JVNDB-2013-003633, date: 2013-08-05T00:00:00
db: CNNVD, id: CNNVD-201308-020, date: 2013-08-07T00:00:00
db: NVD, id: CVE-2013-3448, date: 2016-09-16T20:45:01.377

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-11624, date: 2013-08-06T00:00:00
db: VULHUB, id: VHN-63450, date: 2013-08-02T00:00:00
db: BID, id: 61572, date: 2013-08-01T00:00:00
db: JVNDB, id: JVNDB-2013-003633, date: 2013-08-05T00:00:00
db: CNNVD, id: CNNVD-201308-020, date: 2013-08-05T00:00:00
db: NVD, id: CVE-2013-3448, date: 2013-08-02T12:10:40.477