Details of VAR-201312-0255

ID

VAR-201312-0255

CVE

CVE-2013-6966

TITLE

Cisco WebEx Training Center Open redirect vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2013-005575 // CNNVD: CNNVD-201312-351

DESCRIPTION

Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is being tracked by Cisco Bug ID CSCul36031. The program provides a wealth of tools for online classrooms, online training, and online exams

Trust: 1.98

sources: NVD: CVE-2013-6966 // JVNDB: JVNDB-2013-005575 // BID: 64285 // VULHUB: VHN-66968

AFFECTED PRODUCTS

vendor:	cisco	model:	webex training center	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex training center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex training center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 64285 // JVNDB: JVNDB-2013-005575 // CNNVD: CNNVD-201312-351 // NVD: CVE-2013-6966

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6966
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6966
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201312-351
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66968
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6966
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66968
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66968 // JVNDB: JVNDB-2013-005575 // CNNVD: CNNVD-201312-351 // NVD: CVE-2013-6966

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-66968 // JVNDB: JVNDB-2013-005575 // NVD: CVE-2013-6966

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-351

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-351

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005575

PATCH

title:	Cisco WebEx Training Center Open Redirect Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966	Trust: 0.8
title:	32149	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32149	Trust: 0.8

sources: JVNDB: JVNDB-2013-005575

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6966	Trust: 2.8
db:	SECTRACK	id:	1029492	Trust: 1.1
db:	OSVDB	id:	100909	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-005575	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-351	Trust: 0.7
db:	CISCO	id:	20131212 CISCO WEBEX TRAINING CENTER OPEN REDIRECT VULNERABILITY	Trust: 0.6
db:	BID	id:	64285	Trust: 0.4
db:	SEEBUG	id:	SSVID-61184	Trust: 0.1
db:	VULHUB	id:	VHN-66968	Trust: 0.1

sources: VULHUB: VHN-66968 // BID: 64285 // JVNDB: JVNDB-2013-005575 // CNNVD: CNNVD-201312-351 // NVD: CVE-2013-6966

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6966	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32149	Trust: 1.7
url:	http://osvdb.org/100909	Trust: 1.1
url:	http://www.securitytracker.com/id/1029492	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/89686	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6966	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6966	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-66968 // BID: 64285 // JVNDB: JVNDB-2013-005575 // CNNVD: CNNVD-201312-351 // NVD: CVE-2013-6966

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 64285

SOURCES

db:	VULHUB	id:	VHN-66968
db:	BID	id:	64285
db:	JVNDB	id:	JVNDB-2013-005575
db:	CNNVD	id:	CNNVD-201312-351
db:	NVD	id:	CVE-2013-6966

LAST UPDATE DATE

2024-11-23T21:55:29.029000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66968	date:	2017-11-29T00:00:00
db:	BID	id:	64285	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005575	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-351	date:	2013-12-18T00:00:00
db:	NVD	id:	CVE-2013-6966	date:	2024-11-21T02:00:04.470

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66968	date:	2013-12-17T00:00:00
db:	BID	id:	64285	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005575	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-351	date:	2013-12-18T00:00:00
db:	NVD	id:	CVE-2013-6966	date:	2013-12-17T04:46:45.957