Details of VAR-201312-0458

ID

VAR-201312-0458

CVE

CVE-2013-6710

TITLE

Cisco WebEx Training Center Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2013-005559

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567. Vendors have confirmed this vulnerability Bug ID CSCul25567 It is released as.Authentication may be hijacked by a third party. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCul25567. Cisco WebEx Training Center is an e-learning solution in a set of WebEx meeting solutions of Cisco (Cisco). The program provides a wealth of tools for online classrooms, online training, and online exams

Trust: 1.98

sources: NVD: CVE-2013-6710 // JVNDB: JVNDB-2013-005559 // BID: 64290 // VULHUB: VHN-66712

AFFECTED PRODUCTS

vendor:	cisco	model:	webex training center	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex training center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex training center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 64290 // JVNDB: JVNDB-2013-005559 // CNNVD: CNNVD-201312-268 // NVD: CVE-2013-6710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6710
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6710
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201312-268
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66712
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6710
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66712
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66712 // JVNDB: JVNDB-2013-005559 // CNNVD: CNNVD-201312-268 // NVD: CVE-2013-6710

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-66712 // JVNDB: JVNDB-2013-005559 // NVD: CVE-2013-6710

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-268

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201312-268

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005559

PATCH

title:	Cisco WebEx Training Center Cross-Site Request Forgery Vulnerabilities	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710	Trust: 0.8
title:	32154	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32154	Trust: 0.8

sources: JVNDB: JVNDB-2013-005559

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6710	Trust: 2.8
db:	SECTRACK	id:	1029492	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-005559	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-268	Trust: 0.7
db:	CISCO	id:	20131212 CISCO WEBEX TRAINING CENTER CROSS-SITE REQUEST FORGERY VULNERABILITIES	Trust: 0.6
db:	BID	id:	64290	Trust: 0.4
db:	VULHUB	id:	VHN-66712	Trust: 0.1

sources: VULHUB: VHN-66712 // BID: 64290 // JVNDB: JVNDB-2013-005559 // CNNVD: CNNVD-201312-268 // NVD: CVE-2013-6710

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6710	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32154	Trust: 1.7
url:	http://www.securitytracker.com/id/1029492	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6710	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6710	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps10410/index.html	Trust: 0.3

sources: VULHUB: VHN-66712 // BID: 64290 // JVNDB: JVNDB-2013-005559 // CNNVD: CNNVD-201312-268 // NVD: CVE-2013-6710

CREDITS

Cisco

Trust: 0.3

sources: BID: 64290

SOURCES

db:	VULHUB	id:	VHN-66712
db:	BID	id:	64290
db:	JVNDB	id:	JVNDB-2013-005559
db:	CNNVD	id:	CNNVD-201312-268
db:	NVD	id:	CVE-2013-6710

LAST UPDATE DATE

2024-11-23T21:55:29.150000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66712	date:	2016-09-16T00:00:00
db:	BID	id:	64290	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005559	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-268	date:	2013-12-17T00:00:00
db:	NVD	id:	CVE-2013-6710	date:	2024-11-21T01:59:35.780

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66712	date:	2013-12-14T00:00:00
db:	BID	id:	64290	date:	2013-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2013-005559	date:	2013-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201312-268	date:	2013-12-17T00:00:00
db:	NVD	id:	CVE-2013-6710	date:	2013-12-14T22:55:14.207