Details of VAR-201407-0369

ID

VAR-201407-0369

CVE

CVE-2014-3305

TITLE

Cisco WebEx Meetings Server of Web Cross-site request forgery vulnerability in framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-003589

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735. Vendors have confirmed this vulnerability Bug ID CSCuj81735 It is released as.Authentication may be hijacked by a third party. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuj81735

Trust: 2.52

sources: NVD: CVE-2014-3305 // JVNDB: JVNDB-2014-003589 // CNVD: CNVD-2014-04691 // BID: 68903 // VULHUB: VHN-71245

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-04691

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.5\(.1.6\)	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.5	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.5\(.1.131\)	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.5(.1.131)	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	lte	version:	<=1.5(.1.131)	Trust: 0.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.5\(.1.131\)	Trust: 0.6

sources: CNVD: CNVD-2014-04691 // JVNDB: JVNDB-2014-003589 // CNNVD: CNNVD-201407-627 // NVD: CVE-2014-3305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3305
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3305
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-04691
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201407-627
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71245
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3305
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-04691
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71245
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-04691 // VULHUB: VHN-71245 // JVNDB: JVNDB-2014-003589 // CNNVD: CNNVD-201407-627 // NVD: CVE-2014-3305

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-71245 // JVNDB: JVNDB-2014-003589 // NVD: CVE-2014-3305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-627

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201407-627

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003589

PATCH

title:	Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305	Trust: 0.8
title:	35051	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35051	Trust: 0.8

sources: JVNDB: JVNDB-2014-003589

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3305	Trust: 3.4
db:	BID	id:	68903	Trust: 2.0
db:	SECTRACK	id:	1030644	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003589	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-627	Trust: 0.7
db:	CNVD	id:	CNVD-2014-04691	Trust: 0.6
db:	VULHUB	id:	VHN-71245	Trust: 0.1

sources: CNVD: CNVD-2014-04691 // VULHUB: VHN-71245 // BID: 68903 // JVNDB: JVNDB-2014-003589 // CNNVD: CNNVD-201407-627 // NVD: CVE-2014-3305

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3305	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35051	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3305	Trust: 1.4
url:	http://www.securityfocus.com/bid/68903	Trust: 1.1
url:	http://www.securitytracker.com/id/1030644	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/94894	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3305	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-04691 // VULHUB: VHN-71245 // BID: 68903 // JVNDB: JVNDB-2014-003589 // CNNVD: CNNVD-201407-627 // NVD: CVE-2014-3305

CREDITS

Cisco

Trust: 0.3

sources: BID: 68903

SOURCES

db:	CNVD	id:	CNVD-2014-04691
db:	VULHUB	id:	VHN-71245
db:	BID	id:	68903
db:	JVNDB	id:	JVNDB-2014-003589
db:	CNNVD	id:	CNNVD-201407-627
db:	NVD	id:	CVE-2014-3305

LAST UPDATE DATE

2024-11-23T22:52:51.570000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04691	date:	2014-07-30T00:00:00
db:	VULHUB	id:	VHN-71245	date:	2017-08-29T00:00:00
db:	BID	id:	68903	date:	2014-08-01T00:28:00
db:	JVNDB	id:	JVNDB-2014-003589	date:	2014-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201407-627	date:	2014-07-28T00:00:00
db:	NVD	id:	CVE-2014-3305	date:	2024-11-21T02:07:49.877

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-04691	date:	2014-07-29T00:00:00
db:	VULHUB	id:	VHN-71245	date:	2014-07-26T00:00:00
db:	BID	id:	68903	date:	2014-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-003589	date:	2014-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201407-627	date:	2014-07-28T00:00:00
db:	NVD	id:	CVE-2014-3305	date:	2014-07-26T11:11:57.127