ID

VAR-201312-0260


CVE

CVE-2013-6971


TITLE

Cisco WebEx Training Center Open redirect vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2013-005572 // CNNVD: CNNVD-201312-281

DESCRIPTION

Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is being tracked by Cisco Bug ID CSCul57140. The program provides a wealth of tools for online classrooms, online training, and online exams

Trust: 1.98

sources: NVD: CVE-2013-6971 // JVNDB: JVNDB-2013-005572 // BID: 64287 // VULHUB: VHN-66973

AFFECTED PRODUCTS

vendor:ciscomodel:webex training centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex training centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex training centerscope:eqversion:0

Trust: 0.3

sources: BID: 64287 // JVNDB: JVNDB-2013-005572 // CNNVD: CNNVD-201312-281 // NVD: CVE-2013-6971

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6971
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6971
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-281
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66973
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6971
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66973
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66973 // JVNDB: JVNDB-2013-005572 // CNNVD: CNNVD-201312-281 // NVD: CVE-2013-6971

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-66973 // JVNDB: JVNDB-2013-005572 // NVD: CVE-2013-6971

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-281

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-281

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005572

PATCH

title:Cisco WebEx Training Center Open Redirect Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971

Trust: 0.8

title:32146url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32146

Trust: 0.8

sources: JVNDB: JVNDB-2013-005572

EXTERNAL IDS

db:NVDid:CVE-2013-6971

Trust: 2.8

db:OSVDBid:100910

Trust: 1.1

db:SECTRACKid:1029492

Trust: 1.1

db:JVNDBid:JVNDB-2013-005572

Trust: 0.8

db:CNNVDid:CNNVD-201312-281

Trust: 0.7

db:CISCOid:20131212 CISCO WEBEX TRAINING CENTER OPEN REDIRECT VULNERABILITY

Trust: 0.6

db:BIDid:64287

Trust: 0.4

db:VULHUBid:VHN-66973

Trust: 0.1

sources: VULHUB: VHN-66973 // BID: 64287 // JVNDB: JVNDB-2013-005572 // CNNVD: CNNVD-201312-281 // NVD: CVE-2013-6971

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6971

Trust: 2.0

url:http://tools.cisco.com/security/center/viewalert.x?alertid=32146

Trust: 1.7

url:http://osvdb.org/100910

Trust: 1.1

url:http://www.securitytracker.com/id/1029492

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89653

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6971

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6971

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-66973 // BID: 64287 // JVNDB: JVNDB-2013-005572 // CNNVD: CNNVD-201312-281 // NVD: CVE-2013-6971

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 64287

SOURCES

db:VULHUBid:VHN-66973
db:BIDid:64287
db:JVNDBid:JVNDB-2013-005572
db:CNNVDid:CNNVD-201312-281
db:NVDid:CVE-2013-6971

LAST UPDATE DATE

2024-11-23T21:55:29.775000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-66973date:2017-11-29T00:00:00
db:BIDid:64287date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005572date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-281date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6971date:2024-11-21T02:00:05.070

SOURCES RELEASE DATE

db:VULHUBid:VHN-66973date:2013-12-14T00:00:00
db:BIDid:64287date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005572date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-281date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6971date:2013-12-14T22:55:14.550