Details of VAR-201312-0257

ID

VAR-201312-0257

CVE

CVE-2013-6968

TITLE

Cisco WebEx Training Center Vulnerability to enumerate attendees

Trust: 0.8

sources: JVNDB: JVNDB-2013-005569

DESCRIPTION

Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003. Vendors have confirmed this vulnerability Bug ID CSCul36003 It is released as.Attendees may be enumerated by a third party via a series of requests. Cisco WebEx Training Center is prone to an email-enumeration weakness. An attacker may leverage this issue to harvest email addresses of registered attendees, which may aid in further attacks. This issue is being tracked by Cisco bug ID CSCul36003. The program provides a wealth of tools for online classrooms, online training, and online exams

Trust: 1.98

sources: NVD: CVE-2013-6968 // JVNDB: JVNDB-2013-005569 // BID: 64292 // VULHUB: VHN-66970

AFFECTED PRODUCTS

vendor:	cisco	model:	webex training center	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex training center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex training center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 64292 // JVNDB: JVNDB-2013-005569 // CNNVD: CNNVD-201312-278 // NVD: CVE-2013-6968

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6968
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6968
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201312-278
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66970
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6968
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66970
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66970 // JVNDB: JVNDB-2013-005569 // CNNVD: CNNVD-201312-278 // NVD: CVE-2013-6968

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-66970 // JVNDB: JVNDB-2013-005569 // NVD: CVE-2013-6968

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-278

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201312-278

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005569

PATCH

title:	Cisco WebEx Training Center Registered Attendee Email Enumeration Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6968	Trust: 0.8
title:	32147	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32147	Trust: 0.8

sources: JVNDB: JVNDB-2013-005569

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6968	Trust: 2.8
db:	SECTRACK	id:	1029492	Trust: 1.1
db:	OSVDB	id:	100913	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-005569	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-278	Trust: 0.7
db:	CISCO	id:	20131212 CISCO WEBEX TRAINING CENTER REGISTERED ATTENDEE EMAIL ENUMERATION VULNERABILITY	Trust: 0.6
db:	BID	id:	64292	Trust: 0.4
db:	SEEBUG	id:	SSVID-61180	Trust: 0.1
db:	VULHUB	id:	VHN-66970	Trust: 0.1

sources: VULHUB: VHN-66970 // BID: 64292 // JVNDB: JVNDB-2013-005569 // CNNVD: CNNVD-201312-278 // NVD: CVE-2013-6968

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6968	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32147	Trust: 1.7
url:	http://osvdb.org/100913	Trust: 1.1
url:	http://www.securitytracker.com/id/1029492	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/89688	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6968	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6968	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps10410/index.html	Trust: 0.3

sources: VULHUB: VHN-66970 // BID: 64292 // JVNDB: JVNDB-2013-005569 // CNNVD: CNNVD-201312-278 // NVD: CVE-2013-6968

CREDITS

Cisco

Trust: 0.3

sources: BID: 64292

SOURCES

db:	VULHUB	id:	VHN-66970
db:	BID	id:	64292
db:	JVNDB	id:	JVNDB-2013-005569
db:	CNNVD	id:	CNNVD-201312-278
db:	NVD	id:	CVE-2013-6968

LAST UPDATE DATE

2024-11-23T21:55:29.211000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66970	date:	2017-11-29T00:00:00
db:	BID	id:	64292	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005569	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-278	date:	2013-12-17T00:00:00
db:	NVD	id:	CVE-2013-6968	date:	2024-11-21T02:00:04.727

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66970	date:	2013-12-14T00:00:00
db:	BID	id:	64292	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005569	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-278	date:	2013-12-17T00:00:00
db:	NVD	id:	CVE-2013-6968	date:	2013-12-14T22:55:14.473