Sign-up

ID

VAR-201405-0474


CVE

CVE-2014-2199


TITLE

plural Cisco WebEx Product meetinginfo.do Vulnerable to obtaining important meeting information

Trust: 0.8

sources: JVNDB: JVNDB-2014-002549

DESCRIPTION

meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738. plural Cisco WebEx Product meetinginfo.do Contains a vulnerability in which important meeting information can be obtained. Vendors have confirmed this vulnerability Bug ID CSCuo68624 and CSCue46738 It is released as.By using the information of the meeting identifier by a third party, important meeting information may be obtained. Cisco WebEx Business Suite is prone to an information-disclosure vulnerability. Attackers can exploit this issue to disclose sensitive information. Information obtained may lead to further attacks. This issue is being tracked by Cisco Bug IDs CSCuo68624 and CSCue46738. Cisco WebEx Event Center, etc. are all products in the WebEx conference solution of Cisco (Cisco). WebEx Event Center is a web conferencing event product; WebEx Sales Center is a set of online presentation and online sales products

Trust: 1.98

sources: NVD: CVE-2014-2199 // JVNDB: JVNDB-2014-002549 // BID: 67424 // VULHUB: VHN-70138

AFFECTED PRODUCTS

vendor:ciscomodel:webex training centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex business suitescope:eqversion:29.0

Trust: 1.6

vendor:ciscomodel:webex sales centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex event centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex business suitescope:eqversion:28.0

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex business suitescope:eqversion:27.0

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:lteversion:1.5\(.1.131\)

Trust: 1.0

vendor:ciscomodel:webex business suitescope:ltversion:27 thats all 27.32.31.16

Trust: 0.8

vendor:ciscomodel:webex business suitescope:ltversion:28 thats all 28.12.13.18

Trust: 0.8

vendor:ciscomodel:webex business suitescope:ltversion:29 thats all 29.5.1.12

Trust: 0.8

vendor:ciscomodel:webex event centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5(.1.131)

Trust: 0.8

vendor:ciscomodel:webex sales centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex training centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5\(.1.131\)

Trust: 0.6

sources: JVNDB: JVNDB-2014-002549 // CNNVD: CNNVD-201405-382 // NVD: CVE-2014-2199

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2199
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2199
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-382
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70138
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2199
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70138
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70138 // JVNDB: JVNDB-2014-002549 // CNNVD: CNNVD-201405-382 // NVD: CVE-2014-2199

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-70138 // JVNDB: JVNDB-2014-002549 // NVD: CVE-2014-2199

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-382

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201405-382

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002549

PATCH
title:WebEx Meeting Information Disclosure Vulnerability in meetinginfo.dourl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199
Trust: 0.8
title:34252url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34252
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002549

EXTERNAL IDS
db:NVDid:CVE-2014-2199
Trust: 2.8
db:SECTRACKid:1030251
Trust: 1.1
db:JVNDBid:JVNDB-2014-002549
Trust: 0.8
db:CNNVDid:CNNVD-201405-382
Trust: 0.7
db:CISCOid:20140515 WEBEX MEETING INFORMATION DISCLOSURE VULNERABILITY IN MEETINGINFO.DO
Trust: 0.6
db:BIDid:67424
Trust: 0.4
db:VULHUBid:VHN-70138
Trust: 0.1
sources:
            
            
            VULHUB: VHN-70138 // 
            
            
            
            BID: 67424 // 
            
            
            
            JVNDB: JVNDB-2014-002549 // 
            
            
            
            CNNVD: CNNVD-201405-382 // 
            
            
            
            NVD: CVE-2014-2199

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2199
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=34252
Trust: 1.7
url:http://www.securitytracker.com/id/1030251
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2199
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2199
Trust: 0.8
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-70138 // 
            
            
            
            BID: 67424 // 
            
            
            
            JVNDB: JVNDB-2014-002549 // 
            
            
            
            CNNVD: CNNVD-201405-382 // 
            
            
            
            NVD: CVE-2014-2199

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67424

SOURCES
db:VULHUBid:VHN-70138
db:BIDid:67424
db:JVNDBid:JVNDB-2014-002549
db:CNNVDid:CNNVD-201405-382
db:NVDid:CVE-2014-2199

LAST UPDATE DATE
2024-11-23T22:35:15.569000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-70138date:2016-09-07T00:00:00
db:BIDid:67424date:2014-05-21T06:43:00
db:JVNDBid:JVNDB-2014-002549date:2014-05-21T00:00:00
db:CNNVDid:CNNVD-201405-382date:2014-05-23T00:00:00
db:NVDid:CVE-2014-2199date:2024-11-21T02:05:50.297

SOURCES RELEASE DATE
db:VULHUBid:VHN-70138date:2014-05-20T00:00:00
db:BIDid:67424date:2014-05-15T00:00:00
db:JVNDBid:JVNDB-2014-002549date:2014-05-21T00:00:00
db:CNNVDid:CNNVD-201405-382date:2014-05-23T00:00:00
db:NVDid:CVE-2014-2199date:2014-05-20T11:13:37.657