Sign-up

ID

VAR-201407-0374


CVE

CVE-2014-3310


TITLE

Cisco WebEx Meetings Server and WebEx Meeting Center of WebEx Meetings Vulnerability in client to read arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2014-003307

DESCRIPTION

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. Vendors have confirmed this vulnerability Bug ID CSCup62442 and CSCup58463 It is released as.A third party may be able to read any file via a modified request. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. A remote attacker can read arbitrary files with a modified request. Cisco WebEx Meetings Client is prone to an arbitrary-file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the Web server and obtain potentially sensitive information. This issue is being tracked by Cisco bug IDs CSCup62442 and CSCup58463

Trust: 2.52

sources: NVD: CVE-2014-3310 // JVNDB: JVNDB-2014-003307 // CNVD: CNVD-2014-04248 // BID: 68503 // VULHUB: VHN-71250

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04248

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 1.4

vendor:ciscomodel:webex meetings serverscope:lteversion:1.5(.1.131)

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.6

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5.1.6

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5.1.131

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.1

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2014-04248 // BID: 68503 // JVNDB: JVNDB-2014-003307 // CNNVD: CNNVD-201407-253 // NVD: CVE-2014-3310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3310
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3310
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-04248
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201407-253
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71250
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3310
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-04248
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71250
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-04248 // VULHUB: VHN-71250 // JVNDB: JVNDB-2014-003307 // CNNVD: CNNVD-201407-253 // NVD: CVE-2014-3310

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-71250 // JVNDB: JVNDB-2014-003307 // NVD: CVE-2014-3310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-253

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201407-253

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003307

PATCH
title:Cisco WebEx Meetings Client Arbitrary File Download Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310
Trust: 0.8
title:34893url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34893
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003307

EXTERNAL IDS
db:NVDid:CVE-2014-3310
Trust: 3.4
db:BIDid:68503
Trust: 2.0
db:SECTRACKid:1030551
Trust: 1.1
db:JVNDBid:JVNDB-2014-003307
Trust: 0.8
db:CNNVDid:CNNVD-201407-253
Trust: 0.7
db:CNVDid:CNVD-2014-04248
Trust: 0.6
db:VULHUBid:VHN-71250
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-04248 // 
            
            
            
            VULHUB: VHN-71250 // 
            
            
            
            BID: 68503 // 
            
            
            
            JVNDB: JVNDB-2014-003307 // 
            
            
            
            CNNVD: CNNVD-201407-253 // 
            
            
            
            NVD: CVE-2014-3310

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3310
Trust: 2.6
url:http://www.securityfocus.com/bid/68503
Trust: 1.1
url:http://www.securitytracker.com/id/1030551
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/94431
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3310
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3310
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=34893
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-04248 // 
            
            
            
            VULHUB: VHN-71250 // 
            
            
            
            BID: 68503 // 
            
            
            
            JVNDB: JVNDB-2014-003307 // 
            
            
            
            CNNVD: CNNVD-201407-253 // 
            
            
            
            NVD: CVE-2014-3310

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 68503

SOURCES
db:CNVDid:CNVD-2014-04248
db:VULHUBid:VHN-71250
db:BIDid:68503
db:JVNDBid:JVNDB-2014-003307
db:CNNVDid:CNNVD-201407-253
db:NVDid:CVE-2014-3310

LAST UPDATE DATE
2024-11-23T22:35:06.932000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-04248date:2014-07-14T00:00:00
db:VULHUBid:VHN-71250date:2017-08-29T00:00:00
db:BIDid:68503date:2014-07-10T00:00:00
db:JVNDBid:JVNDB-2014-003307date:2014-07-11T00:00:00
db:CNNVDid:CNNVD-201407-253date:2014-07-11T00:00:00
db:NVDid:CVE-2014-3310date:2024-11-21T02:07:50.450

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-04248date:2014-07-14T00:00:00
db:VULHUBid:VHN-71250date:2014-07-10T00:00:00
db:BIDid:68503date:2014-07-10T00:00:00
db:JVNDBid:JVNDB-2014-003307date:2014-07-11T00:00:00
db:CNNVDid:CNNVD-201407-253date:2014-07-11T00:00:00
db:NVDid:CVE-2014-3310date:2014-07-10T11:06:27.880