Sign-up

ID

VAR-201312-0258


CVE

CVE-2013-6969


TITLE

Cisco WebEx Training Center Vulnerability to change unspecified fields on the training registration page

Trust: 0.8

sources: JVNDB: JVNDB-2013-005570

DESCRIPTION

The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990. Vendors have confirmed this vulnerability Bug ID CSCul35990 It is released as.A third party may change unspecified fields. An attacker may leverage this issue to insert and display spoofed content, which may aid in further attacks. This issue is tracked by Cisco Bug ID CSCul35990. Cisco WebEx Training Center is an e-learning solution in a set of WebEx meeting solutions of Cisco (Cisco). The program provides a wealth of tools for online classrooms, online training, and online exams. A remote attacker could exploit this vulnerability to modify page fields

Trust: 1.98

sources: NVD: CVE-2013-6969 // JVNDB: JVNDB-2013-005570 // BID: 64305 // VULHUB: VHN-66971

AFFECTED PRODUCTS

vendor:ciscomodel:webex training centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex training centerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2013-005570 // CNNVD: CNNVD-201312-279 // NVD: CVE-2013-6969

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6969
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6969
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-279
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66971
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6969
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66971
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66971 // JVNDB: JVNDB-2013-005570 // CNNVD: CNNVD-201312-279 // NVD: CVE-2013-6969

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-66971 // JVNDB: JVNDB-2013-005570 // NVD: CVE-2013-6969

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-279

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-279

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005570

PATCH
title:Cisco WebEx Training Center Training Registration Page Content Injection Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6969
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005570

EXTERNAL IDS
db:NVDid:CVE-2013-6969
Trust: 2.8
db:BIDid:64305
Trust: 1.4
db:OSVDBid:101003
Trust: 1.1
db:JVNDBid:JVNDB-2013-005570
Trust: 0.8
db:CNNVDid:CNNVD-201312-279
Trust: 0.7
db:CISCOid:20131213 CISCO WEBEX TRAINING CENTER TRAINING REGISTRATION PAGE CONTENT INJECTION VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-66971
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66971 // 
            
            
            
            BID: 64305 // 
            
            
            
            JVNDB: JVNDB-2013-005570 // 
            
            
            
            CNNVD: CNNVD-201312-279 // 
            
            
            
            NVD: CVE-2013-6969

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6969
Trust: 2.0
url:http://www.securityfocus.com/bid/64305
Trust: 1.1
url:http://osvdb.org/101003
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89684
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6969
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6969
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps10410/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-66971 // 
            
            
            
            BID: 64305 // 
            
            
            
            JVNDB: JVNDB-2013-005570 // 
            
            
            
            CNNVD: CNNVD-201312-279 // 
            
            
            
            NVD: CVE-2013-6969

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64305

SOURCES
db:VULHUBid:VHN-66971
db:BIDid:64305
db:JVNDBid:JVNDB-2013-005570
db:CNNVDid:CNNVD-201312-279
db:NVDid:CVE-2013-6969

LAST UPDATE DATE
2024-11-23T23:05:48.684000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66971date:2017-11-29T00:00:00
db:BIDid:64305date:2013-12-13T00:00:00
db:JVNDBid:JVNDB-2013-005570date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-279date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6969date:2024-11-21T02:00:04.840

SOURCES RELEASE DATE
db:VULHUBid:VHN-66971date:2013-12-14T00:00:00
db:BIDid:64305date:2013-12-13T00:00:00
db:JVNDBid:JVNDB-2013-005570date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-279date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6969date:2013-12-14T22:55:14.503