Sign-up

ID

VAR-201501-0332


CVE

CVE-2014-8031


TITLE

Cisco WebEx Meetings Server Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2014-007559

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuj40456. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2014-8031 // JVNDB: JVNDB-2014-007559 // BID: 71943 // VULHUB: VHN-75976

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope:eqversion:0

Trust: 0.3

sources: BID: 71943 // JVNDB: JVNDB-2014-007559 // CNNVD: CNNVD-201501-167 // NVD: CVE-2014-8031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8031
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8031
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-167
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75976
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8031
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75976
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75976 // JVNDB: JVNDB-2014-007559 // CNNVD: CNNVD-201501-167 // NVD: CVE-2014-8031

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-75976 // JVNDB: JVNDB-2014-007559 // NVD: CVE-2014-8031

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-167

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201501-167

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007559

PATCH
title:Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8031
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007559

EXTERNAL IDS
db:NVDid:CVE-2014-8031
Trust: 2.8
db:BIDid:71943
Trust: 1.4
db:SECUNIAid:62173
Trust: 1.1
db:SECTRACKid:1031517
Trust: 1.1
db:JVNDBid:JVNDB-2014-007559
Trust: 0.8
db:CNNVDid:CNNVD-201501-167
Trust: 0.7
db:VULHUBid:VHN-75976
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75976 // 
            
            
            
            BID: 71943 // 
            
            
            
            JVNDB: JVNDB-2014-007559 // 
            
            
            
            CNNVD: CNNVD-201501-167 // 
            
            
            
            NVD: CVE-2014-8031

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8031
Trust: 1.7
url:http://www.securityfocus.com/bid/71943
Trust: 1.1
url:http://www.securitytracker.com/id/1031517
Trust: 1.1
url:http://secunia.com/advisories/62173
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100575
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8031
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8031
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8031 
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75976 // 
            
            
            
            BID: 71943 // 
            
            
            
            JVNDB: JVNDB-2014-007559 // 
            
            
            
            CNNVD: CNNVD-201501-167 // 
            
            
            
            NVD: CVE-2014-8031

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71943

SOURCES
db:VULHUBid:VHN-75976
db:BIDid:71943
db:JVNDBid:JVNDB-2014-007559
db:CNNVDid:CNNVD-201501-167
db:NVDid:CVE-2014-8031

LAST UPDATE DATE
2024-11-23T21:44:39.351000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75976date:2017-09-08T00:00:00
db:BIDid:71943date:2015-01-08T00:00:00
db:JVNDBid:JVNDB-2014-007559date:2015-01-13T00:00:00
db:CNNVDid:CNNVD-201501-167date:2015-01-09T00:00:00
db:NVDid:CVE-2014-8031date:2024-11-21T02:18:27.677

SOURCES RELEASE DATE
db:VULHUBid:VHN-75976date:2015-01-09T00:00:00
db:BIDid:71943date:2015-01-08T00:00:00
db:JVNDBid:JVNDB-2014-007559date:2015-01-13T00:00:00
db:CNNVDid:CNNVD-201501-167date:2015-01-09T00:00:00
db:NVDid:CVE-2014-8031date:2015-01-09T02:59:06.773