Sign-up

ID

VAR-201401-0154


CVE

CVE-2013-6687


TITLE

Cisco WebEx Meetings Server Vulnerabilities in obtaining plaintext administrator passwords

Trust: 0.8

sources: JVNDB: JVNDB-2014-001188

DESCRIPTION

The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876. Cisco WebEx meetings server is prone to a password disclosure vulnerability. Successful exploits may allow an attacker to disclose sensitive information such as stored passwords; this may aid in further attacks. This issue is being tracked by Cisco bug ID CSCul33876. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2013-6687 // JVNDB: JVNDB-2014-001188 // BID: 64980 // VULHUB: VHN-66689

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:lteversion:1.5(.1.131)

Trust: 0.8

sources: JVNDB: JVNDB-2014-001188 // CNNVD: CNNVD-201401-347 // NVD: CVE-2013-6687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6687
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6687
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201401-347
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66689
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6687
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66689
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66689 // JVNDB: JVNDB-2014-001188 // CNNVD: CNNVD-201401-347 // NVD: CVE-2013-6687

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-66689 // JVNDB: JVNDB-2014-001188 // NVD: CVE-2013-6687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-347

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201401-347

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001188

PATCH
title:Cisco WebEx Meetings Server Enterprise License Manager Administrative Password Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6687
Trust: 0.8
title:32467url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32467
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001188

EXTERNAL IDS
db:NVDid:CVE-2013-6687
Trust: 2.8
db:JVNDBid:JVNDB-2014-001188
Trust: 0.8
db:CNNVDid:CNNVD-201401-347
Trust: 0.7
db:CISCOid:20140116 CISCO WEBEX MEETINGS SERVER ENTERPRISE LICENSE MANAGER ADMINISTRATIVE PASSWORD DISCLOSURE VULNERABILITY
Trust: 0.6
db:BIDid:64980
Trust: 0.4
db:VULHUBid:VHN-66689
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66689 // 
            
            
            
            BID: 64980 // 
            
            
            
            JVNDB: JVNDB-2014-001188 // 
            
            
            
            CNNVD: CNNVD-201401-347 // 
            
            
            
            NVD: CVE-2013-6687

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6687
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6687
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6687
Trust: 0.8
sources:
            
            
            VULHUB: VHN-66689 // 
            
            
            
            JVNDB: JVNDB-2014-001188 // 
            
            
            
            CNNVD: CNNVD-201401-347 // 
            
            
            
            NVD: CVE-2013-6687

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 64980

SOURCES
db:VULHUBid:VHN-66689
db:BIDid:64980
db:JVNDBid:JVNDB-2014-001188
db:CNNVDid:CNNVD-201401-347
db:NVDid:CVE-2013-6687

LAST UPDATE DATE
2024-11-23T22:46:08.631000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66689date:2014-01-17T00:00:00
db:BIDid:64980date:2014-01-20T01:02:00
db:JVNDBid:JVNDB-2014-001188date:2014-01-20T00:00:00
db:CNNVDid:CNNVD-201401-347date:2014-01-21T00:00:00
db:NVDid:CVE-2013-6687date:2024-11-21T01:59:33.317

SOURCES RELEASE DATE
db:VULHUBid:VHN-66689date:2014-01-16T00:00:00
db:BIDid:64980date:2014-01-16T00:00:00
db:JVNDBid:JVNDB-2014-001188date:2014-01-20T00:00:00
db:CNNVDid:CNNVD-201401-347date:2014-01-21T00:00:00
db:NVDid:CVE-2013-6687date:2014-01-16T19:55:04.560