Sign-up

ID

VAR-201501-0223


CVE

CVE-2015-0590


TITLE

Cisco WebEx Meeting Center Invalid Meeting Attribute Enabled Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-001196

DESCRIPTION

Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165. Cisco WebEx Meetings Server is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuo34165. Cisco WebEx Meeting Center is an online meeting product in a set of WebEx meeting solutions of Cisco (Cisco). The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2015-0590 // JVNDB: JVNDB-2015-001196 // BID: 72719 // VULHUB: VHN-78536

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: BID: 72719 // JVNDB: JVNDB-2015-001196 // CNNVD: CNNVD-201501-374 // NVD: CVE-2015-0590

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0590
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0590
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-374
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78536
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0590
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78536
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78536 // JVNDB: JVNDB-2015-001196 // CNNVD: CNNVD-201501-374 // NVD: CVE-2015-0590

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-78536 // JVNDB: JVNDB-2015-001196 // NVD: CVE-2015-0590

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-374

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201501-374

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001196

PATCH
title:Cisco Hosted WebEx Meeting Center Information Disclosureurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001196

EXTERNAL IDS
db:NVDid:CVE-2015-0590
Trust: 2.8
db:SECTRACKid:1031558
Trust: 1.1
db:JVNDBid:JVNDB-2015-001196
Trust: 0.8
db:CNNVDid:CNNVD-201501-374
Trust: 0.7
db:BIDid:72719
Trust: 0.4
db:VULHUBid:VHN-78536
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78536 // 
            
            
            
            BID: 72719 // 
            
            
            
            JVNDB: JVNDB-2015-001196 // 
            
            
            
            CNNVD: CNNVD-201501-374 // 
            
            
            
            NVD: CVE-2015-0590

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0590
Trust: 2.0
url:http://www.securitytracker.com/id/1031558
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100576
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0590
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0590
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78536 // 
            
            
            
            BID: 72719 // 
            
            
            
            JVNDB: JVNDB-2015-001196 // 
            
            
            
            CNNVD: CNNVD-201501-374 // 
            
            
            
            NVD: CVE-2015-0590

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72719

SOURCES
db:VULHUBid:VHN-78536
db:BIDid:72719
db:JVNDBid:JVNDB-2015-001196
db:CNNVDid:CNNVD-201501-374
db:NVDid:CVE-2015-0590

LAST UPDATE DATE
2024-11-23T22:13:33.029000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78536date:2017-09-08T00:00:00
db:BIDid:72719date:2015-02-15T00:00:00
db:JVNDBid:JVNDB-2015-001196date:2015-01-23T00:00:00
db:CNNVDid:CNNVD-201501-374date:2015-01-19T00:00:00
db:NVDid:CVE-2015-0590date:2024-11-21T02:23:22.197

SOURCES RELEASE DATE
db:VULHUBid:VHN-78536date:2015-01-17T00:00:00
db:BIDid:72719date:2015-02-15T00:00:00
db:JVNDBid:JVNDB-2015-001196date:2015-01-23T00:00:00
db:CNNVDid:CNNVD-201501-374date:2015-01-19T00:00:00
db:NVDid:CVE-2015-0590date:2015-01-17T11:59:05.030