Details of VAR-201309-0433

ID

VAR-201309-0433

CVE

CVE-2013-5494

TITLE

Cisco Unified MeetingPlace Solution of Web Cross-site request forgery vulnerability in framework

Trust: 0.8

sources: JVNDB: JVNDB-2013-004113

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674. Vendors have confirmed this vulnerability Bug ID CSCui45209 and CSCui44674 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible. A remote attacker can hijack the authentication of any user

Trust: 1.98

sources: NVD: CVE-2013-5494 // JVNDB: JVNDB-2013-004113 // BID: 62390 // VULHUB: VHN-65496

AFFECTED PRODUCTS

vendor:	cisco	model:	unified meetingplace web conferencing	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified meetingplace	scope:	lte	version:	solution 8.5	Trust: 0.8
vendor:	cisco	model:	unified meetingplace web conferencing	scope:	lte	version:	8.5(4)	Trust: 0.8
vendor:	cisco	model:	unified meetingplace	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified meetingplace web conferencing	scope:	eq	version:	7.0	Trust: 0.3
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7.1	Trust: 0.3
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7	Trust: 0.3

sources: BID: 62390 // JVNDB: JVNDB-2013-004113 // CNNVD: CNNVD-201309-219 // NVD: CVE-2013-5494

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5494
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5494
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201309-219
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65496
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5494
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65496
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65496 // JVNDB: JVNDB-2013-004113 // CNNVD: CNNVD-201309-219 // NVD: CVE-2013-5494

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-65496 // JVNDB: JVNDB-2013-004113 // NVD: CVE-2013-5494

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-219

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201309-219

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004113

PATCH

title:	Cisco Unified MeetingPlace Solution Cross-Site Request Forgery Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5494	Trust: 0.8
title:	30790	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30790	Trust: 0.8

sources: JVNDB: JVNDB-2013-004113

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5494	Trust: 2.8
db:	SECTRACK	id:	1029037	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004113	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-219	Trust: 0.7
db:	CISCO	id:	20130913 CISCO UNIFIED MEETINGPLACE SOLUTION CROSS-SITE REQUEST FORGERY VULNERABILITY	Trust: 0.6
db:	BID	id:	62390	Trust: 0.4
db:	VULHUB	id:	VHN-65496	Trust: 0.1

sources: VULHUB: VHN-65496 // BID: 62390 // JVNDB: JVNDB-2013-004113 // CNNVD: CNNVD-201309-219 // NVD: CVE-2013-5494

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5494	Trust: 1.7
url:	http://www.securitytracker.com/id/1029037	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5494	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5494	Trust: 0.8
url:	http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html	Trust: 0.3

sources: VULHUB: VHN-65496 // BID: 62390 // JVNDB: JVNDB-2013-004113 // CNNVD: CNNVD-201309-219 // NVD: CVE-2013-5494

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 62390

SOURCES

db:	VULHUB	id:	VHN-65496
db:	BID	id:	62390
db:	JVNDB	id:	JVNDB-2013-004113
db:	CNNVD	id:	CNNVD-201309-219
db:	NVD	id:	CVE-2013-5494

LAST UPDATE DATE

2024-11-23T23:05:52.925000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65496	date:	2013-10-18T00:00:00
db:	BID	id:	62390	date:	2013-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-004113	date:	2013-09-17T00:00:00
db:	CNNVD	id:	CNNVD-201309-219	date:	2013-09-18T00:00:00
db:	NVD	id:	CVE-2013-5494	date:	2024-11-21T01:57:34.970

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65496	date:	2013-09-16T00:00:00
db:	BID	id:	62390	date:	2013-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-004113	date:	2013-09-17T00:00:00
db:	CNNVD	id:	CNNVD-201309-219	date:	2013-09-18T00:00:00
db:	NVD	id:	CVE-2013-5494	date:	2013-09-16T13:02:35.737