Details of VAR-201406-0312

ID

VAR-201406-0312

CVE

CVE-2014-3296

TITLE

Cisco WebEx Meeting Server of XML programmatic interface Vulnerable to obtaining important meeting information

Trust: 0.8

sources: JVNDB: JVNDB-2014-003024

DESCRIPTION

The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527. Cisco WebEx Meetings Server is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCum03527. Cisco WebEx Meeting Server is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2014-3296 // JVNDB: JVNDB-2014-003024 // BID: 68118 // VULHUB: VHN-71236

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.5\(.1.6\)	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.5\(.1.131\)	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.5(.1.131)	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.5\(.1.131\)	Trust: 0.6

sources: JVNDB: JVNDB-2014-003024 // CNNVD: CNNVD-201406-468 // NVD: CVE-2014-3296

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3296
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3296
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201406-468
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71236
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3296
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71236
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71236 // JVNDB: JVNDB-2014-003024 // CNNVD: CNNVD-201406-468 // NVD: CVE-2014-3296

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-71236 // JVNDB: JVNDB-2014-003024 // NVD: CVE-2014-3296

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-468

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201406-468

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003024

PATCH

title:	Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3296	Trust: 0.8
title:	34663	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34663	Trust: 0.8

sources: JVNDB: JVNDB-2014-003024

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3296	Trust: 2.8
db:	BID	id:	68118	Trust: 1.4
db:	SECUNIA	id:	59263	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003024	Trust: 0.8
db:	CNNVD	id:	CNNVD-201406-468	Trust: 0.7
db:	VULHUB	id:	VHN-71236	Trust: 0.1

sources: VULHUB: VHN-71236 // BID: 68118 // JVNDB: JVNDB-2014-003024 // CNNVD: CNNVD-201406-468 // NVD: CVE-2014-3296

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3296	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34663	Trust: 1.7
url:	http://www.securityfocus.com/bid/68118	Trust: 1.1
url:	http://secunia.com/advisories/59263	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3296	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3296	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71236 // BID: 68118 // JVNDB: JVNDB-2014-003024 // CNNVD: CNNVD-201406-468 // NVD: CVE-2014-3296

CREDITS

Cisco

Trust: 0.3

sources: BID: 68118

SOURCES

db:	VULHUB	id:	VHN-71236
db:	BID	id:	68118
db:	JVNDB	id:	JVNDB-2014-003024
db:	CNNVD	id:	CNNVD-201406-468
db:	NVD	id:	CVE-2014-3296

LAST UPDATE DATE

2024-11-23T22:35:07.285000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71236	date:	2017-01-12T00:00:00
db:	BID	id:	68118	date:	2014-06-23T00:03:00
db:	JVNDB	id:	JVNDB-2014-003024	date:	2014-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201406-468	date:	2014-06-23T00:00:00
db:	NVD	id:	CVE-2014-3296	date:	2024-11-21T02:07:48.790

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71236	date:	2014-06-21T00:00:00
db:	BID	id:	68118	date:	2014-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2014-003024	date:	2014-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201406-468	date:	2014-06-23T00:00:00
db:	NVD	id:	CVE-2014-3296	date:	2014-06-21T15:55:04.197