Sign-up

ID

VAR-201312-0254


CVE

CVE-2013-6965


TITLE

Cisco WebEx Training Center Vulnerability that bypasses access restrictions in registered components

Trust: 0.8

sources: JVNDB: JVNDB-2013-005567

DESCRIPTION

The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183. Cisco WebEx Training Center Registration component of the training session before email verification is complete. URL Provides a vulnerability that prevents access restrictions and joins conference calls. Successfully exploiting these issues may allow an attacker to obtain sensitive information that may aid in further attacks. These issues are being tracked by Cisco bug ID CSCul36183. The program provides a wealth of tools for online classrooms, online training, and online exams

Trust: 1.98

sources: NVD: CVE-2013-6965 // JVNDB: JVNDB-2013-005567 // BID: 64281 // VULHUB: VHN-66967

AFFECTED PRODUCTS

vendor:ciscomodel:webex training centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex training centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex training centerscope:eqversion:0

Trust: 0.3

sources: BID: 64281 // JVNDB: JVNDB-2013-005567 // CNNVD: CNNVD-201312-276 // NVD: CVE-2013-6965

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6965
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6965
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-276
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66967
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6965
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66967
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66967 // JVNDB: JVNDB-2013-005567 // CNNVD: CNNVD-201312-276 // NVD: CVE-2013-6965

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-66967 // JVNDB: JVNDB-2013-005567 // NVD: CVE-2013-6965

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-276

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201312-276

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005567

PATCH
title:Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965
Trust: 0.8
title:32157url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32157
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005567

EXTERNAL IDS
db:NVDid:CVE-2013-6965
Trust: 2.8
db:BIDid:64281
Trust: 1.4
db:SECTRACKid:1029492
Trust: 1.1
db:OSVDBid:100911
Trust: 1.1
db:JVNDBid:JVNDB-2013-005567
Trust: 0.8
db:CNNVDid:CNNVD-201312-276
Trust: 0.7
db:CISCOid:20131212 CISCO WEBEX TRAINING CENTER BYPASS EMAIL VERIFICATION TO JOIN AUDIO CONFERENCE VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-66967
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66967 // 
            
            
            
            BID: 64281 // 
            
            
            
            JVNDB: JVNDB-2013-005567 // 
            
            
            
            CNNVD: CNNVD-201312-276 // 
            
            
            
            NVD: CVE-2013-6965

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6965
Trust: 2.0
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32157
Trust: 1.7
url:http://www.securityfocus.com/bid/64281
Trust: 1.1
url:http://osvdb.org/100911
Trust: 1.1
url:http://www.securitytracker.com/id/1029492
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89691
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6965
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6965
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps10410/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-66967 // 
            
            
            
            BID: 64281 // 
            
            
            
            JVNDB: JVNDB-2013-005567 // 
            
            
            
            CNNVD: CNNVD-201312-276 // 
            
            
            
            NVD: CVE-2013-6965

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 64281

SOURCES
db:VULHUBid:VHN-66967
db:BIDid:64281
db:JVNDBid:JVNDB-2013-005567
db:CNNVDid:CNNVD-201312-276
db:NVDid:CVE-2013-6965

LAST UPDATE DATE
2024-11-23T21:55:29.090000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66967date:2017-11-29T00:00:00
db:BIDid:64281date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005567date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-276date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6965date:2024-11-21T02:00:04.350

SOURCES RELEASE DATE
db:VULHUBid:VHN-66967date:2013-12-14T00:00:00
db:BIDid:64281date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005567date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-276date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6965date:2013-12-14T22:55:14.410