Sign-up

ID

VAR-201407-0366


CVE

CVE-2014-3301


TITLE

Cisco WebEx Meetings Server of ProfileAction Vulnerabilities in which important information is obtained in the controller

Trust: 0.8

sources: JVNDB: JVNDB-2014-003588

DESCRIPTION

The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. Cisco WebEx Meetings Server (CWMS) of ProfileAction A vulnerability exists in the controller that can retrieve important information. Vendors have confirmed this vulnerability Bug ID CSCuj81700 It is released as.If a third party reads the stack trace of the reply message, important information may be obtained. Cisco WebEx Meetings Server is a Cisco Conference Center implementation from Cisco. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuj81700

Trust: 2.52

sources: NVD: CVE-2014-3301 // JVNDB: JVNDB-2014-003588 // CNVD: CNVD-2014-04733 // BID: 68894 // VULHUB: VHN-71241

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04733

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5\(.1.6\)

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:lteversion:1.5\(.1.131\)

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:lteversion:1.5(.1.131)

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.6

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5\(.1.131\)

Trust: 0.6

sources: CNVD: CNVD-2014-04733 // JVNDB: JVNDB-2014-003588 // CNNVD: CNNVD-201407-626 // NVD: CVE-2014-3301

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3301
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3301
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-04733
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201407-626
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71241
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3301
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-04733
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71241
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-04733 // VULHUB: VHN-71241 // JVNDB: JVNDB-2014-003588 // CNNVD: CNNVD-201407-626 // NVD: CVE-2014-3301

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-71241 // JVNDB: JVNDB-2014-003588 // NVD: CVE-2014-3301

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-626

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201407-626

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003588

PATCH
title:Cisco WebEx Meetings Server Stack Trace Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3301
Trust: 0.8
title:35040url:http://tools.cisco.com/security/center/viewAlert.x?alertId=35040
Trust: 0.8
title:Cisco WebEx Meetings Server Information Disclosure Vulnerability Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/47960
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-04733 // 
            
            
            
            JVNDB: JVNDB-2014-003588

EXTERNAL IDS
db:NVDid:CVE-2014-3301
Trust: 3.4
db:BIDid:68894
Trust: 2.0
db:SECTRACKid:1030642
Trust: 1.1
db:SECUNIAid:60573
Trust: 1.1
db:JVNDBid:JVNDB-2014-003588
Trust: 0.8
db:CNNVDid:CNNVD-201407-626
Trust: 0.7
db:CNVDid:CNVD-2014-04733
Trust: 0.6
db:VULHUBid:VHN-71241
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-04733 // 
            
            
            
            VULHUB: VHN-71241 // 
            
            
            
            BID: 68894 // 
            
            
            
            JVNDB: JVNDB-2014-003588 // 
            
            
            
            CNNVD: CNNVD-201407-626 // 
            
            
            
            NVD: CVE-2014-3301

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3301
Trust: 2.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=35040
Trust: 1.7
url:http://www.securityfocus.com/bid/68894
Trust: 1.1
url:http://www.securitytracker.com/id/1030642
Trust: 1.1
url:http://secunia.com/advisories/60573
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/94895
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3301
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3301
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-04733 // 
            
            
            
            VULHUB: VHN-71241 // 
            
            
            
            BID: 68894 // 
            
            
            
            JVNDB: JVNDB-2014-003588 // 
            
            
            
            CNNVD: CNNVD-201407-626 // 
            
            
            
            NVD: CVE-2014-3301

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 68894

SOURCES
db:CNVDid:CNVD-2014-04733
db:VULHUBid:VHN-71241
db:BIDid:68894
db:JVNDBid:JVNDB-2014-003588
db:CNNVDid:CNNVD-201407-626
db:NVDid:CVE-2014-3301

LAST UPDATE DATE
2024-11-23T23:05:46.393000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-04733date:2014-07-31T00:00:00
db:VULHUBid:VHN-71241date:2017-08-29T00:00:00
db:BIDid:68894date:2014-07-28T00:09:00
db:JVNDBid:JVNDB-2014-003588date:2014-07-29T00:00:00
db:CNNVDid:CNNVD-201407-626date:2014-07-28T00:00:00
db:NVDid:CVE-2014-3301date:2024-11-21T02:07:49.370

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-04733date:2014-07-29T00:00:00
db:VULHUBid:VHN-71241date:2014-07-26T00:00:00
db:BIDid:68894date:2014-07-25T00:00:00
db:JVNDBid:JVNDB-2014-003588date:2014-07-29T00:00:00
db:CNNVDid:CNNVD-201407-626date:2014-07-28T00:00:00
db:NVDid:CVE-2014-3301date:2014-07-26T11:11:57.080