Details of VAR-201312-0256

ID

VAR-201312-0256

CVE

CVE-2013-6967

TITLE

Cisco WebEx Sales Center Open Browser Vulnerability in Mobile Browser Subsystem

Trust: 0.8

sources: JVNDB: JVNDB-2013-005568

DESCRIPTION

Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36020. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is being tracked by Cisco Bug ID CSCul36020. The solution supports the creation of personalized sales processes, online presentations, sales tracking and reporting, and more

Trust: 1.98

sources: NVD: CVE-2013-6967 // JVNDB: JVNDB-2013-005568 // BID: 64284 // VULHUB: VHN-66969

AFFECTED PRODUCTS

vendor:	cisco	model:	webex sales center	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex sales center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex sales center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 64284 // JVNDB: JVNDB-2013-005568 // CNNVD: CNNVD-201312-277 // NVD: CVE-2013-6967

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6967
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6967
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201312-277
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66969
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6967
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66969
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66969 // JVNDB: JVNDB-2013-005568 // CNNVD: CNNVD-201312-277 // NVD: CVE-2013-6967

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-66969 // JVNDB: JVNDB-2013-005568 // NVD: CVE-2013-6967

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-277

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-277

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005568

PATCH

title:	Cisco WebEx Sales Center Mobile Browser Open Redirect Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6967	Trust: 0.8
title:	32148	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32148	Trust: 0.8

sources: JVNDB: JVNDB-2013-005568

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6967	Trust: 2.8
db:	OSVDB	id:	100912	Trust: 1.1
db:	SECTRACK	id:	1029493	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-005568	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-277	Trust: 0.7
db:	CISCO	id:	20131212 CISCO WEBEX SALES CENTER MOBILE BROWSER OPEN REDIRECT VULNERABILITY	Trust: 0.6
db:	BID	id:	64284	Trust: 0.4
db:	SEEBUG	id:	SSVID-61171	Trust: 0.1
db:	VULHUB	id:	VHN-66969	Trust: 0.1

sources: VULHUB: VHN-66969 // BID: 64284 // JVNDB: JVNDB-2013-005568 // CNNVD: CNNVD-201312-277 // NVD: CVE-2013-6967

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6967	Trust: 2.0
url:	http://osvdb.org/100912	Trust: 1.1
url:	http://www.securitytracker.com/id/1029493	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/89685	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6967	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6967	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-66969 // BID: 64284 // JVNDB: JVNDB-2013-005568 // CNNVD: CNNVD-201312-277 // NVD: CVE-2013-6967

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 64284

SOURCES

db:	VULHUB	id:	VHN-66969
db:	BID	id:	64284
db:	JVNDB	id:	JVNDB-2013-005568
db:	CNNVD	id:	CNNVD-201312-277
db:	NVD	id:	CVE-2013-6967

LAST UPDATE DATE

2024-11-23T21:45:29.948000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66969	date:	2017-11-29T00:00:00
db:	BID	id:	64284	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005568	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-277	date:	2013-12-17T00:00:00
db:	NVD	id:	CVE-2013-6967	date:	2024-11-21T02:00:04.593

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66969	date:	2013-12-14T00:00:00
db:	BID	id:	64284	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005568	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-277	date:	2013-12-17T00:00:00
db:	NVD	id:	CVE-2013-6967	date:	2013-12-14T22:55:14.443