Sign-up

ID

VAR-201406-0304


CVE

CVE-2014-3286


TITLE

Cisco WebEx Meeting Server of Web Vulnerabilities that capture important information in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-002788

DESCRIPTION

The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661. Vendors have confirmed this vulnerability Bug ID CSCuj81685 , CSCuj81688 , CSCuj81665 , CSCuj81744 ,and CSCuj81661 It is released as.Skillfully crafted by a third party URL You may get important information through. Cisco WebEx Meeting Server is prone to a user-enumeration vulnerability. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. This issue being tracked by Cisco Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, CSCuj81661, and CSCuj81655. Cisco WebEx Meeting Server is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2014-3286 // JVNDB: JVNDB-2014-002788 // BID: 67922 // VULHUB: VHN-71226

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2014-002788 // CNNVD: CNNVD-201406-101 // NVD: CVE-2014-3286

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3286
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3286
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201406-101
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71226
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3286
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71226
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71226 // JVNDB: JVNDB-2014-002788 // CNNVD: CNNVD-201406-101 // NVD: CVE-2014-3286

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-71226 // JVNDB: JVNDB-2014-002788 // NVD: CVE-2014-3286

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-101

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201406-101

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002788

PATCH
title:Cisco WebEx Meeting Server User Enumeration Vulnerabiltyurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3286
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002788

EXTERNAL IDS
db:NVDid:CVE-2014-3286
Trust: 2.8
db:BIDid:67922
Trust: 1.4
db:SECUNIAid:58571
Trust: 1.1
db:JVNDBid:JVNDB-2014-002788
Trust: 0.8
db:CNNVDid:CNNVD-201406-101
Trust: 0.7
db:CISCOid:20140606 CISCO WEBEX MEETING SERVER USER ENUMERATION VULNERABILTY
Trust: 0.6
db:VULHUBid:VHN-71226
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71226 // 
            
            
            
            BID: 67922 // 
            
            
            
            JVNDB: JVNDB-2014-002788 // 
            
            
            
            CNNVD: CNNVD-201406-101 // 
            
            
            
            NVD: CVE-2014-3286

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3286
Trust: 1.7
url:http://www.securityfocus.com/bid/67922
Trust: 1.1
url:http://secunia.com/advisories/58571
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3286
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3286
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71226 // 
            
            
            
            BID: 67922 // 
            
            
            
            JVNDB: JVNDB-2014-002788 // 
            
            
            
            CNNVD: CNNVD-201406-101 // 
            
            
            
            NVD: CVE-2014-3286

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67922

SOURCES
db:VULHUBid:VHN-71226
db:BIDid:67922
db:JVNDBid:JVNDB-2014-002788
db:CNNVDid:CNNVD-201406-101
db:NVDid:CVE-2014-3286

LAST UPDATE DATE
2024-11-23T23:05:46.677000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71226date:2016-09-07T00:00:00
db:BIDid:67922date:2014-07-28T00:28:00
db:JVNDBid:JVNDB-2014-002788date:2014-06-10T00:00:00
db:CNNVDid:CNNVD-201406-101date:2014-06-09T00:00:00
db:NVDid:CVE-2014-3286date:2024-11-21T02:07:47.733

SOURCES RELEASE DATE
db:VULHUBid:VHN-71226date:2014-06-08T00:00:00
db:BIDid:67922date:2014-06-06T00:00:00
db:JVNDBid:JVNDB-2014-002788date:2014-06-10T00:00:00
db:CNNVDid:CNNVD-201406-101date:2014-06-09T00:00:00
db:NVDid:CVE-2014-3286date:2014-06-08T16:55:02.813