ID

VAR-201407-0375


CVE

CVE-2014-3311


TITLE

Cisco WebEx Meetings Server and WebEx Meeting Center of WebEx Meetings Client heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-003308

DESCRIPTION

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467. This vulnerability Bug ID CSCup62463 and CSCup58467 It is released as.A third party could execute arbitrary code through crafted data. Allow remote attackers to exploit exploits to execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. This issue is being tracked by Cisco bug IDs CSCup62463 and CSCup58467

Trust: 2.52

sources: NVD: CVE-2014-3311 // JVNDB: JVNDB-2014-003308 // CNVD: CNVD-2014-04249 // BID: 68502 // VULHUB: VHN-71251

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04249

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 1.4

vendor:ciscomodel:webex meetings serverscope:lteversion:1.5(.1.131)

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.6

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5.1.6

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5.1.131

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.1

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2014-04249 // BID: 68502 // JVNDB: JVNDB-2014-003308 // CNNVD: CNNVD-201407-254 // NVD: CVE-2014-3311

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3311
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3311
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-04249
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201407-254
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71251
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3311
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-04249
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71251
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-04249 // VULHUB: VHN-71251 // JVNDB: JVNDB-2014-003308 // CNNVD: CNNVD-201407-254 // NVD: CVE-2014-3311

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-71251 // JVNDB: JVNDB-2014-003308 // NVD: CVE-2014-3311

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-254

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201407-254

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003308

PATCH

title:Cisco WebEx Meetings Client Heap-Based Buffer Overflow Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311

Trust: 0.8

title:34894url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34894

Trust: 0.8

sources: JVNDB: JVNDB-2014-003308

EXTERNAL IDS

db:NVDid:CVE-2014-3311

Trust: 3.4

db:BIDid:68502

Trust: 2.0

db:SECTRACKid:1030550

Trust: 1.1

db:JVNDBid:JVNDB-2014-003308

Trust: 0.8

db:CNNVDid:CNNVD-201407-254

Trust: 0.7

db:CNVDid:CNVD-2014-04249

Trust: 0.6

db:VULHUBid:VHN-71251

Trust: 0.1

sources: CNVD: CNVD-2014-04249 // VULHUB: VHN-71251 // BID: 68502 // JVNDB: JVNDB-2014-003308 // CNNVD: CNNVD-201407-254 // NVD: CVE-2014-3311

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3311

Trust: 2.6

url:http://www.securityfocus.com/bid/68502

Trust: 1.1

url:http://www.securitytracker.com/id/1030550

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/94432

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3311

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3311

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34894

Trust: 0.3

sources: CNVD: CNVD-2014-04249 // VULHUB: VHN-71251 // BID: 68502 // JVNDB: JVNDB-2014-003308 // CNNVD: CNNVD-201407-254 // NVD: CVE-2014-3311

CREDITS

Cisco

Trust: 0.3

sources: BID: 68502

SOURCES

db:CNVDid:CNVD-2014-04249
db:VULHUBid:VHN-71251
db:BIDid:68502
db:JVNDBid:JVNDB-2014-003308
db:CNNVDid:CNNVD-201407-254
db:NVDid:CVE-2014-3311

LAST UPDATE DATE

2024-11-23T22:31:18.110000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-04249date:2014-07-14T00:00:00
db:VULHUBid:VHN-71251date:2017-08-29T00:00:00
db:BIDid:68502date:2014-07-10T00:00:00
db:JVNDBid:JVNDB-2014-003308date:2014-07-11T00:00:00
db:CNNVDid:CNNVD-201407-254date:2014-07-11T00:00:00
db:NVDid:CVE-2014-3311date:2024-11-21T02:07:50.563

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-04249date:2014-07-14T00:00:00
db:VULHUBid:VHN-71251date:2014-07-10T00:00:00
db:BIDid:68502date:2014-07-10T00:00:00
db:JVNDBid:JVNDB-2014-003308date:2014-07-11T00:00:00
db:CNNVDid:CNNVD-201407-254date:2014-07-11T00:00:00
db:NVDid:CVE-2014-3311date:2014-07-10T11:06:27.927