Details of VAR-201312-0261

ID

VAR-201312-0261

CVE

CVE-2013-6972

TITLE

Cisco WebEx Training Center Vulnerable to session number

Trust: 0.8

sources: JVNDB: JVNDB-2013-005573

DESCRIPTION

Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126. Cisco WebEx Training Center is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. This issue is tracked by Cisco Bug ID CSCul57126. The program provides a wealth of tools for online classrooms, online training, and online exams

Trust: 1.98

sources: NVD: CVE-2013-6972 // JVNDB: JVNDB-2013-005573 // BID: 64282 // VULHUB: VHN-66974

AFFECTED PRODUCTS

vendor:	cisco	model:	webex training center	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex training center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex training center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 64282 // JVNDB: JVNDB-2013-005573 // CNNVD: CNNVD-201312-282 // NVD: CVE-2013-6972

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6972
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6972
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201312-282
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66974
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6972
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66974
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66974 // JVNDB: JVNDB-2013-005573 // CNNVD: CNNVD-201312-282 // NVD: CVE-2013-6972

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-66974 // JVNDB: JVNDB-2013-005573 // NVD: CVE-2013-6972

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-282

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201312-282

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005573

PATCH

title:	Cisco WebEx Training Center Training Session Number Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6972	Trust: 0.8
title:	32145	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32145	Trust: 0.8

sources: JVNDB: JVNDB-2013-005573

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6972	Trust: 2.8
db:	BID	id:	64282	Trust: 1.4
db:	OSVDB	id:	100914	Trust: 1.1
db:	SECTRACK	id:	1029492	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-005573	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-282	Trust: 0.7
db:	CISCO	id:	20131212 CISCO WEBEX TRAINING CENTER TRAINING SESSION NUMBER DISCLOSURE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-66974	Trust: 0.1

sources: VULHUB: VHN-66974 // BID: 64282 // JVNDB: JVNDB-2013-005573 // CNNVD: CNNVD-201312-282 // NVD: CVE-2013-6972

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6972	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32145	Trust: 1.7
url:	http://www.securityfocus.com/bid/64282	Trust: 1.1
url:	http://osvdb.org/100914	Trust: 1.1
url:	http://www.securitytracker.com/id/1029492	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/89652	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6972	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6972	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-66974 // BID: 64282 // JVNDB: JVNDB-2013-005573 // CNNVD: CNNVD-201312-282 // NVD: CVE-2013-6972

CREDITS

Cisco

Trust: 0.3

sources: BID: 64282

SOURCES

db:	VULHUB	id:	VHN-66974
db:	BID	id:	64282
db:	JVNDB	id:	JVNDB-2013-005573
db:	CNNVD	id:	CNNVD-201312-282
db:	NVD	id:	CVE-2013-6972

LAST UPDATE DATE

2024-11-23T21:55:29.120000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66974	date:	2017-11-29T00:00:00
db:	BID	id:	64282	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005573	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-282	date:	2013-12-17T00:00:00
db:	NVD	id:	CVE-2013-6972	date:	2024-11-21T02:00:05.187

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66974	date:	2013-12-14T00:00:00
db:	BID	id:	64282	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005573	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-282	date:	2013-12-17T00:00:00
db:	NVD	id:	CVE-2013-6972	date:	2013-12-14T22:55:14.567