Sign-up

ID

VAR-201312-0457


CVE

CVE-2013-6709


TITLE

Cisco WebEx Training Center Vulnerability that bypasses access restrictions in registered components

Trust: 0.8

sources: JVNDB: JVNDB-2013-005558

DESCRIPTION

The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111. Cisco WebEx Training Center is prone to multiple information-disclosure vulnerabilities. Successfully exploiting these issues may allow an attacker to obtain sensitive information that may aid in further attacks. These issues are being tracked by Cisco bug ID CSCul57111. The program provides a wealth of tools for online classrooms, online training, and online exams

Trust: 1.98

sources: NVD: CVE-2013-6709 // JVNDB: JVNDB-2013-005558 // BID: 64276 // VULHUB: VHN-66711

AFFECTED PRODUCTS

vendor:ciscomodel:webex training centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex training centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex training centerscope:eqversion:0

Trust: 0.3

sources: BID: 64276 // JVNDB: JVNDB-2013-005558 // CNNVD: CNNVD-201312-267 // NVD: CVE-2013-6709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6709
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6709
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-267
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66711
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6709
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66711
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66711 // JVNDB: JVNDB-2013-005558 // CNNVD: CNNVD-201312-267 // NVD: CVE-2013-6709

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-66711 // JVNDB: JVNDB-2013-005558 // NVD: CVE-2013-6709

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-267

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201312-267

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005558

PATCH
title:Cisco Webex Training Center Session Password and Access Code Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6709
Trust: 0.8
title:32153url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32153
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005558

EXTERNAL IDS
db:NVDid:CVE-2013-6709
Trust: 2.8
db:SECTRACKid:1029492
Trust: 1.1
db:JVNDBid:JVNDB-2013-005558
Trust: 0.8
db:CNNVDid:CNNVD-201312-267
Trust: 0.7
db:CISCOid:20131212 CISCO WEBEX TRAINING CENTER SESSION PASSWORD AND ACCESS CODE DISCLOSURE VULNERABILITY
Trust: 0.6
db:BIDid:64276
Trust: 0.4
db:VULHUBid:VHN-66711
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66711 // 
            
            
            
            BID: 64276 // 
            
            
            
            JVNDB: JVNDB-2013-005558 // 
            
            
            
            CNNVD: CNNVD-201312-267 // 
            
            
            
            NVD: CVE-2013-6709

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6709
Trust: 2.0
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32153
Trust: 1.7
url:http://www.securitytracker.com/id/1029492
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6709
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6709
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps10410/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-66711 // 
            
            
            
            BID: 64276 // 
            
            
            
            JVNDB: JVNDB-2013-005558 // 
            
            
            
            CNNVD: CNNVD-201312-267 // 
            
            
            
            NVD: CVE-2013-6709

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 64276

SOURCES
db:VULHUBid:VHN-66711
db:BIDid:64276
db:JVNDBid:JVNDB-2013-005558
db:CNNVDid:CNNVD-201312-267
db:NVDid:CVE-2013-6709

LAST UPDATE DATE
2024-11-23T21:55:29.180000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66711date:2016-09-15T00:00:00
db:BIDid:64276date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005558date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-267date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6709date:2024-11-21T01:59:35.670

SOURCES RELEASE DATE
db:VULHUBid:VHN-66711date:2013-12-14T00:00:00
db:BIDid:64276date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005558date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-267date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6709date:2013-12-14T22:55:03.597