Details of VAR-201410-0061

ID

VAR-201410-0061

CVE

CVE-2014-3400

TITLE

Cisco WebEx Meetings Server Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-004528

DESCRIPTION

Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug IDs CSCuq36417 and CSCuq4034. There is a security vulnerability in CWMS that stems from the inclusion of sensitive data in the logs

Trust: 2.52

sources: NVD: CVE-2014-3400 // JVNDB: JVNDB-2014-004528 // CNVD: CNVD-2014-06558 // BID: 70234 // VULHUB: VHN-71340

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-06558

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-06558 // BID: 70234 // JVNDB: JVNDB-2014-004528 // CNNVD: CNNVD-201410-111 // NVD: CVE-2014-3400

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3400
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3400
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-06558
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201410-111
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71340
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3400
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06558
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71340
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-06558 // VULHUB: VHN-71340 // JVNDB: JVNDB-2014-004528 // CNNVD: CNNVD-201410-111 // NVD: CVE-2014-3400

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-71340 // JVNDB: JVNDB-2014-004528 // NVD: CVE-2014-3400

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-111

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201410-111

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004528

PATCH

title:	Cisco WebEx Meetings Server Password Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3400	Trust: 0.8
title:	Patch for Cisco WebEx Meetings Server Information Disclosure Vulnerability (CNVD-2014-06558)	url:	https://www.cnvd.org.cn/patchInfo/show/50625	Trust: 0.6

sources: CNVD: CNVD-2014-06558 // JVNDB: JVNDB-2014-004528

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3400	Trust: 3.4
db:	BID	id:	70234	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-004528	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-111	Trust: 0.7
db:	CNVD	id:	CNVD-2014-06558	Trust: 0.6
db:	VULHUB	id:	VHN-71340	Trust: 0.1

sources: CNVD: CNVD-2014-06558 // VULHUB: VHN-71340 // BID: 70234 // JVNDB: JVNDB-2014-004528 // CNNVD: CNNVD-201410-111 // NVD: CVE-2014-3400

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3400	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3400	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3400	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-06558 // VULHUB: VHN-71340 // BID: 70234 // JVNDB: JVNDB-2014-004528 // CNNVD: CNNVD-201410-111 // NVD: CVE-2014-3400

CREDITS

Cisco

Trust: 0.3

sources: BID: 70234

SOURCES

db:	CNVD	id:	CNVD-2014-06558
db:	VULHUB	id:	VHN-71340
db:	BID	id:	70234
db:	JVNDB	id:	JVNDB-2014-004528
db:	CNNVD	id:	CNNVD-201410-111
db:	NVD	id:	CVE-2014-3400

LAST UPDATE DATE

2024-11-23T22:23:04.046000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06558	date:	2014-10-09T00:00:00
db:	VULHUB	id:	VHN-71340	date:	2014-10-06T00:00:00
db:	BID	id:	70234	date:	2014-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2014-004528	date:	2014-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201410-111	date:	2014-10-10T00:00:00
db:	NVD	id:	CVE-2014-3400	date:	2024-11-21T02:08:00.940

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-06558	date:	2014-10-09T00:00:00
db:	VULHUB	id:	VHN-71340	date:	2014-10-05T00:00:00
db:	BID	id:	70234	date:	2014-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2014-004528	date:	2014-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201410-111	date:	2014-10-10T00:00:00
db:	NVD	id:	CVE-2014-3400	date:	2014-10-05T01:55:13.237