Sign-up

ID

VAR-201312-0253


CVE

CVE-2013-6964


TITLE

Cisco WebEx Meeting Center Vulnerability that bypasses access control

Trust: 0.8

sources: JVNDB: JVNDB-2013-005566

DESCRIPTION

Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197. Cisco WebEx Meeting Center is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCul36197. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2013-6964 // JVNDB: JVNDB-2013-005566 // BID: 64280 // VULHUB: VHN-66966

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: BID: 64280 // JVNDB: JVNDB-2013-005566 // CNNVD: CNNVD-201312-275 // NVD: CVE-2013-6964

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6964
value: LOW

Trust: 1.0

NVD: CVE-2013-6964
value: LOW

Trust: 0.8

CNNVD: CNNVD-201312-275
value: LOW

Trust: 0.6

VULHUB: VHN-66966
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-6964
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66966
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66966 // JVNDB: JVNDB-2013-005566 // CNNVD: CNNVD-201312-275 // NVD: CVE-2013-6964

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-66966 // JVNDB: JVNDB-2013-005566 // NVD: CVE-2013-6964

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-275

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201312-275

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005566

PATCH
title:Cisco WebEx Business Suite Site Access Control Bypass Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964
Trust: 0.8
title:32158url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32158
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005566

EXTERNAL IDS
db:NVDid:CVE-2013-6964
Trust: 2.8
db:BIDid:64280
Trust: 1.4
db:OSVDBid:100908
Trust: 1.1
db:SECTRACKid:1029494
Trust: 1.1
db:JVNDBid:JVNDB-2013-005566
Trust: 0.8
db:CNNVDid:CNNVD-201312-275
Trust: 0.7
db:CISCOid:20131212 CISCO WEBEX BUSINESS SUITE SITE ACCESS CONTROL BYPASS VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-66966
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66966 // 
            
            
            
            BID: 64280 // 
            
            
            
            JVNDB: JVNDB-2013-005566 // 
            
            
            
            CNNVD: CNNVD-201312-275 // 
            
            
            
            NVD: CVE-2013-6964

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6964
Trust: 2.0
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32158
Trust: 1.7
url:http://www.securityfocus.com/bid/64280
Trust: 1.1
url:http://osvdb.org/100908
Trust: 1.1
url:http://www.securitytracker.com/id/1029494
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89690
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6964
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6964
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-66966 // 
            
            
            
            BID: 64280 // 
            
            
            
            JVNDB: JVNDB-2013-005566 // 
            
            
            
            CNNVD: CNNVD-201312-275 // 
            
            
            
            NVD: CVE-2013-6964

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64280

SOURCES
db:VULHUBid:VHN-66966
db:BIDid:64280
db:JVNDBid:JVNDB-2013-005566
db:CNNVDid:CNNVD-201312-275
db:NVDid:CVE-2013-6964

LAST UPDATE DATE
2024-11-23T22:02:19.609000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66966date:2017-11-29T00:00:00
db:BIDid:64280date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005566date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-275date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6964date:2024-11-21T02:00:04.230

SOURCES RELEASE DATE
db:VULHUBid:VHN-66966date:2013-12-14T00:00:00
db:BIDid:64280date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005566date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-275date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6964date:2013-12-14T22:55:14.397