Sign-up

ID

VAR-201310-0512


CVE

CVE-2013-5529


TITLE

Cisco WebEx Meeting Center Server deployment Module launch vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004726

DESCRIPTION

The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200. Cisco WebEx Meetings Server is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCuf52200. Cisco WebEx Meeting Center is an online meeting product in a set of WebEx meeting solutions of Cisco (Cisco). The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2013-5529 // JVNDB: JVNDB-2013-004726 // BID: 63012 // VULHUB: VHN-65531

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:lteversion:1.1

Trust: 0.8

sources: JVNDB: JVNDB-2013-004726 // CNNVD: CNNVD-201310-317 // NVD: CVE-2013-5529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5529
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5529
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-317
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65531
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5529
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65531
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65531 // JVNDB: JVNDB-2013-004726 // CNNVD: CNNVD-201310-317 // NVD: CVE-2013-5529

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-65531 // JVNDB: JVNDB-2013-004726 // NVD: CVE-2013-5529

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-317

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-317

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004726

PATCH
title:Cisco WebEx Meetings Server Deployment Passphrase Bypass Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5529
Trust: 0.8
title:31257url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31257
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004726

EXTERNAL IDS
db:NVDid:CVE-2013-5529
Trust: 2.8
db:JVNDBid:JVNDB-2013-004726
Trust: 0.8
db:CNNVDid:CNNVD-201310-317
Trust: 0.7
db:CISCOid:20131014 CISCO WEBEX MEETINGS SERVER DEPLOYMENT PASSPHRASE BYPASS VULNERABILITY
Trust: 0.6
db:BIDid:63012
Trust: 0.4
db:VULHUBid:VHN-65531
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65531 // 
            
            
            
            BID: 63012 // 
            
            
            
            JVNDB: JVNDB-2013-004726 // 
            
            
            
            CNNVD: CNNVD-201310-317 // 
            
            
            
            NVD: CVE-2013-5529

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5529
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5529
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5529
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65531 // 
            
            
            
            BID: 63012 // 
            
            
            
            JVNDB: JVNDB-2013-004726 // 
            
            
            
            CNNVD: CNNVD-201310-317 // 
            
            
            
            NVD: CVE-2013-5529

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 63012

SOURCES
db:VULHUBid:VHN-65531
db:BIDid:63012
db:JVNDBid:JVNDB-2013-004726
db:CNNVDid:CNNVD-201310-317
db:NVDid:CVE-2013-5529

LAST UPDATE DATE
2024-11-23T22:53:28.330000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65531date:2013-10-16T00:00:00
db:BIDid:63012date:2013-10-17T00:34:00
db:JVNDBid:JVNDB-2013-004726date:2013-10-18T00:00:00
db:CNNVDid:CNNVD-201310-317date:2013-10-17T00:00:00
db:NVDid:CVE-2013-5529date:2024-11-21T01:57:38.880

SOURCES RELEASE DATE
db:VULHUBid:VHN-65531date:2013-10-16T00:00:00
db:BIDid:63012date:2013-10-14T00:00:00
db:JVNDBid:JVNDB-2013-004726date:2013-10-18T00:00:00
db:CNNVDid:CNNVD-201310-317date:2013-10-17T00:00:00
db:NVDid:CVE-2013-5529date:2013-10-16T10:52:45.277