Sign-up

ID

VAR-201501-0334


CVE

CVE-2014-8033


TITLE

Cisco WebEx Meetings Server of play/modules Vulnerability in components gaining administrator access

Trust: 0.8

sources: JVNDB: JVNDB-2014-007561

DESCRIPTION

The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCuj40421. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. A security vulnerability exists in the play/modules component of CWMS

Trust: 1.98

sources: NVD: CVE-2014-8033 // JVNDB: JVNDB-2014-007561 // BID: 71950 // VULHUB: VHN-75978

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope:eqversion:0

Trust: 0.3

sources: BID: 71950 // JVNDB: JVNDB-2014-007561 // CNNVD: CNNVD-201501-169 // NVD: CVE-2014-8033

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8033
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8033
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-169
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75978
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8033
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75978
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75978 // JVNDB: JVNDB-2014-007561 // CNNVD: CNNVD-201501-169 // NVD: CVE-2014-8033

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-75978 // JVNDB: JVNDB-2014-007561 // NVD: CVE-2014-8033

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-169

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201501-169

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007561

PATCH
title:Cisco WebEx Meetings Server Authentication Bypass Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8033
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007561

EXTERNAL IDS
db:NVDid:CVE-2014-8033
Trust: 2.8
db:BIDid:71950
Trust: 1.4
db:SECUNIAid:60279
Trust: 1.1
db:SECTRACKid:1031517
Trust: 1.1
db:JVNDBid:JVNDB-2014-007561
Trust: 0.8
db:CNNVDid:CNNVD-201501-169
Trust: 0.7
db:VULHUBid:VHN-75978
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75978 // 
            
            
            
            BID: 71950 // 
            
            
            
            JVNDB: JVNDB-2014-007561 // 
            
            
            
            CNNVD: CNNVD-201501-169 // 
            
            
            
            NVD: CVE-2014-8033

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8033
Trust: 2.0
url:http://www.securityfocus.com/bid/71950
Trust: 1.1
url:http://www.securitytracker.com/id/1031517
Trust: 1.1
url:http://secunia.com/advisories/60279
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100572
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8033
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8033
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75978 // 
            
            
            
            BID: 71950 // 
            
            
            
            JVNDB: JVNDB-2014-007561 // 
            
            
            
            CNNVD: CNNVD-201501-169 // 
            
            
            
            NVD: CVE-2014-8033

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71950

SOURCES
db:VULHUBid:VHN-75978
db:BIDid:71950
db:JVNDBid:JVNDB-2014-007561
db:CNNVDid:CNNVD-201501-169
db:NVDid:CVE-2014-8033

LAST UPDATE DATE
2024-11-23T21:44:39.381000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75978date:2017-09-08T00:00:00
db:BIDid:71950date:2015-01-08T00:00:00
db:JVNDBid:JVNDB-2014-007561date:2015-01-13T00:00:00
db:CNNVDid:CNNVD-201501-169date:2015-01-14T00:00:00
db:NVDid:CVE-2014-8033date:2024-11-21T02:18:27.897

SOURCES RELEASE DATE
db:VULHUBid:VHN-75978date:2015-01-09T00:00:00
db:BIDid:71950date:2015-01-08T00:00:00
db:JVNDBid:JVNDB-2014-007561date:2015-01-13T00:00:00
db:CNNVDid:CNNVD-201501-169date:2015-01-09T00:00:00
db:NVDid:CVE-2014-8033date:2015-01-09T02:59:08.587