Details of VAR-201401-0354

ID

VAR-201401-0354

CVE

CVE-2014-0682

TITLE

Cisco WebEx Meetings Server Vulnerabilities that bypass authentication checks

Trust: 0.8

sources: JVNDB: JVNDB-2014-001281

DESCRIPTION

Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346. An authenticated attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCuj42346. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2014-0682 // JVNDB: JVNDB-2014-001281 // BID: 65198 // VULHUB: VHN-68175

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.5 (.1.131)	Trust: 0.8

sources: JVNDB: JVNDB-2014-001281 // CNNVD: CNNVD-201401-584 // NVD: CVE-2014-0682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0682
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0682
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201401-584
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68175
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0682
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68175
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68175 // JVNDB: JVNDB-2014-001281 // CNNVD: CNNVD-201401-584 // NVD: CVE-2014-0682

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-68175 // JVNDB: JVNDB-2014-001281 // NVD: CVE-2014-0682

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-584

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201401-584

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001281

PATCH

title:	Cisco WebEx Meetings Server Unauthorized Meeting Actions Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0682	Trust: 0.8
title:	32618	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32618	Trust: 0.8

sources: JVNDB: JVNDB-2014-001281

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0682	Trust: 2.8
db:	BID	id:	65198	Trust: 1.4
db:	SECTRACK	id:	1029700	Trust: 1.1
db:	OSVDB	id:	102590	Trust: 1.1
db:	SECUNIA	id:	56668	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001281	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-584	Trust: 0.7
db:	CISCO	id:	20140128 CISCO WEBEX MEETINGS SERVER UNAUTHORIZED MEETING ACTIONS VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-68175	Trust: 0.1

sources: VULHUB: VHN-68175 // BID: 65198 // JVNDB: JVNDB-2014-001281 // CNNVD: CNNVD-201401-584 // NVD: CVE-2014-0682

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0682	Trust: 1.7
url:	http://www.securityfocus.com/bid/65198	Trust: 1.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32618	Trust: 1.1
url:	http://osvdb.org/102590	Trust: 1.1
url:	http://www.securitytracker.com/id/1029700	Trust: 1.1
url:	http://secunia.com/advisories/56668	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0682	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0682	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68175 // BID: 65198 // JVNDB: JVNDB-2014-001281 // CNNVD: CNNVD-201401-584 // NVD: CVE-2014-0682

CREDITS

Cisco

Trust: 0.3

sources: BID: 65198

SOURCES

db:	VULHUB	id:	VHN-68175
db:	BID	id:	65198
db:	JVNDB	id:	JVNDB-2014-001281
db:	CNNVD	id:	CNNVD-201401-584
db:	NVD	id:	CVE-2014-0682

LAST UPDATE DATE

2024-11-23T22:02:18.325000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68175	date:	2018-01-03T00:00:00
db:	BID	id:	65198	date:	2014-01-31T01:34:00
db:	JVNDB	id:	JVNDB-2014-001281	date:	2014-01-30T00:00:00
db:	CNNVD	id:	CNNVD-201401-584	date:	2014-03-07T00:00:00
db:	NVD	id:	CVE-2014-0682	date:	2024-11-21T02:02:39.163

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68175	date:	2014-01-29T00:00:00
db:	BID	id:	65198	date:	2014-01-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-001281	date:	2014-01-30T00:00:00
db:	CNNVD	id:	CNNVD-201401-584	date:	2014-01-29T00:00:00
db:	NVD	id:	CVE-2014-0682	date:	2014-01-29T18:34:05.373