Details of VAR-201312-0248

ID

VAR-201312-0248

CVE

CVE-2013-6959

TITLE

Cisco WebEx Sales Center Open redirect vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2013-005561 // CNNVD: CNNVD-201312-270

DESCRIPTION

Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is being tracked by Cisco Bug ID CSCul25557. The solution supports the creation of personalized sales processes, online presentations, sales tracking and reporting, and more

Trust: 1.98

sources: NVD: CVE-2013-6959 // JVNDB: JVNDB-2013-005561 // BID: 64271 // VULHUB: VHN-66961

AFFECTED PRODUCTS

vendor:	cisco	model:	webex sales center	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex sales center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex sales center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 64271 // JVNDB: JVNDB-2013-005561 // CNNVD: CNNVD-201312-270 // NVD: CVE-2013-6959

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6959
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6959
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201312-270
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66961
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6959
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66961
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66961 // JVNDB: JVNDB-2013-005561 // CNNVD: CNNVD-201312-270 // NVD: CVE-2013-6959

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-66961 // JVNDB: JVNDB-2013-005561 // NVD: CVE-2013-6959

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-270

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-270

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005561

PATCH

title:	Cisco WebEx Sales Center Open Redirect Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6959	Trust: 0.8
title:	32155	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32155	Trust: 0.8

sources: JVNDB: JVNDB-2013-005561

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6959	Trust: 2.8
db:	SECTRACK	id:	1029493	Trust: 1.1
db:	OSVDB	id:	100901	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-005561	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-270	Trust: 0.7
db:	CISCO	id:	20131212 CISCO WEBEX SALES CENTER OPEN REDIRECT VULNERABILITY	Trust: 0.6
db:	BID	id:	64271	Trust: 0.4
db:	SEEBUG	id:	SSVID-61178	Trust: 0.1
db:	VULHUB	id:	VHN-66961	Trust: 0.1

sources: VULHUB: VHN-66961 // BID: 64271 // JVNDB: JVNDB-2013-005561 // CNNVD: CNNVD-201312-270 // NVD: CVE-2013-6959

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6959	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32155	Trust: 1.7
url:	http://osvdb.org/100901	Trust: 1.1
url:	http://www.securitytracker.com/id/1029493	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/89698	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6959	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6959	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-66961 // BID: 64271 // JVNDB: JVNDB-2013-005561 // CNNVD: CNNVD-201312-270 // NVD: CVE-2013-6959

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 64271

SOURCES

db:	VULHUB	id:	VHN-66961
db:	BID	id:	64271
db:	JVNDB	id:	JVNDB-2013-005561
db:	CNNVD	id:	CNNVD-201312-270
db:	NVD	id:	CVE-2013-6959

LAST UPDATE DATE

2024-11-23T21:45:29.979000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66961	date:	2017-11-29T00:00:00
db:	BID	id:	64271	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005561	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-270	date:	2013-12-17T00:00:00
db:	NVD	id:	CVE-2013-6959	date:	2024-11-21T02:00:03.570

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66961	date:	2013-12-14T00:00:00
db:	BID	id:	64271	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005561	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-270	date:	2013-12-17T00:00:00
db:	NVD	id:	CVE-2013-6959	date:	2013-12-14T22:55:14.253