Sign-up

ID

VAR-201404-0564


CVE

CVE-2014-2186


TITLE

Cisco WebEx Meetings Server of Web Cross-site request forgery vulnerability in framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-002323

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777. Vendors have confirmed this vulnerability Bug ID CSCuj81777 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDs CSCuj81777, CSCuj81786 and CSCuj81864. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2014-2186 // JVNDB: JVNDB-2014-002323 // BID: 67143 // VULHUB: VHN-70125

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5

Trust: 0.8

sources: JVNDB: JVNDB-2014-002323 // CNNVD: CNNVD-201404-598 // NVD: CVE-2014-2186

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2186
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2186
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201404-598
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70125
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2186
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70125
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70125 // JVNDB: JVNDB-2014-002323 // CNNVD: CNNVD-201404-598 // NVD: CVE-2014-2186

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-70125 // JVNDB: JVNDB-2014-002323 // NVD: CVE-2014-2186

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-598

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201404-598

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002323

PATCH
title:Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2186
Trust: 0.8
title:33996url:http://tools.cisco.com/security/center/viewAlert.x?alertId=33996
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002323

EXTERNAL IDS
db:NVDid:CVE-2014-2186
Trust: 2.8
db:SECTRACKid:1030173
Trust: 1.1
db:JVNDBid:JVNDB-2014-002323
Trust: 0.8
db:CNNVDid:CNNVD-201404-598
Trust: 0.7
db:CISCOid:20140429 CISCO WEBEX MEETINGS SERVER CROSS-SITE REQUEST FORGERY VULNERABILITY
Trust: 0.6
db:BIDid:67143
Trust: 0.4
db:VULHUBid:VHN-70125
Trust: 0.1
sources:
            
            
            VULHUB: VHN-70125 // 
            
            
            
            BID: 67143 // 
            
            
            
            JVNDB: JVNDB-2014-002323 // 
            
            
            
            CNNVD: CNNVD-201404-598 // 
            
            
            
            NVD: CVE-2014-2186

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2186
Trust: 1.7
url:http://www.securitytracker.com/id/1030173
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2186
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2186
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-70125 // 
            
            
            
            BID: 67143 // 
            
            
            
            JVNDB: JVNDB-2014-002323 // 
            
            
            
            CNNVD: CNNVD-201404-598 // 
            
            
            
            NVD: CVE-2014-2186

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67143

SOURCES
db:VULHUBid:VHN-70125
db:BIDid:67143
db:JVNDBid:JVNDB-2014-002323
db:CNNVDid:CNNVD-201404-598
db:NVDid:CVE-2014-2186

LAST UPDATE DATE
2024-11-23T22:18:37.523000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-70125date:2015-09-16T00:00:00
db:BIDid:67143date:2014-05-08T06:02:00
db:JVNDBid:JVNDB-2014-002323date:2014-05-02T00:00:00
db:CNNVDid:CNNVD-201404-598date:2014-05-05T00:00:00
db:NVDid:CVE-2014-2186date:2024-11-21T02:05:49.030

SOURCES RELEASE DATE
db:VULHUBid:VHN-70125date:2014-04-30T00:00:00
db:BIDid:67143date:2014-04-29T00:00:00
db:JVNDBid:JVNDB-2014-002323date:2014-05-02T00:00:00
db:CNNVDid:CNNVD-201404-598date:2014-04-30T00:00:00
db:NVDid:CVE-2014-2186date:2014-04-30T10:49:05.207