Sign-up

ID

VAR-201501-0335


CVE

CVE-2014-8034


TITLE

Cisco WebEx Meetings Server Vulnerabilities that gain access

Trust: 0.8

sources: JVNDB: JVNDB-2014-007701

DESCRIPTION

Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. Vendors have confirmed this vulnerability Bug ID CSCuj40321 It is released as.A third party could gain access through brute force techniques that guess usernames. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. This issue being tracked by Cisco Bug ID CSCuj40321. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. There is a security vulnerability in CWMS version 1.5, which stems from the fact that the program does not update the CAPTCHA of the login page

Trust: 1.98

sources: NVD: CVE-2014-8034 // JVNDB: JVNDB-2014-007701 // BID: 71978 // VULHUB: VHN-75979

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5

Trust: 2.4

sources: JVNDB: JVNDB-2014-007701 // CNNVD: CNNVD-201501-239 // NVD: CVE-2014-8034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8034
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8034
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-239
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75979
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8034
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75979
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75979 // JVNDB: JVNDB-2014-007701 // CNNVD: CNNVD-201501-239 // NVD: CVE-2014-8034

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-75979 // JVNDB: JVNDB-2014-007701 // NVD: CVE-2014-8034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-239

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201501-239

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007701

PATCH
title:Cisco WebEx Meetings Server User Enumeration Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8034
Trust: 0.8
title:36990url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36990
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007701

EXTERNAL IDS
db:NVDid:CVE-2014-8034
Trust: 2.8
db:BIDid:71978
Trust: 2.0
db:SECTRACKid:1031543
Trust: 1.1
db:JVNDBid:JVNDB-2014-007701
Trust: 0.8
db:CNNVDid:CNNVD-201501-239
Trust: 0.7
db:VULHUBid:VHN-75979
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75979 // 
            
            
            
            BID: 71978 // 
            
            
            
            JVNDB: JVNDB-2014-007701 // 
            
            
            
            CNNVD: CNNVD-201501-239 // 
            
            
            
            NVD: CVE-2014-8034

REFERENCES
url:http://www.securityfocus.com/bid/71978
Trust: 1.7
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8034
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=36990
Trust: 1.7
url:http://www.securitytracker.com/id/1031543
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100552
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8034
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8034
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75979 // 
            
            
            
            BID: 71978 // 
            
            
            
            JVNDB: JVNDB-2014-007701 // 
            
            
            
            CNNVD: CNNVD-201501-239 // 
            
            
            
            NVD: CVE-2014-8034

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 71978 // 
            
            
            
            CNNVD: CNNVD-201501-239

SOURCES
db:VULHUBid:VHN-75979
db:BIDid:71978
db:JVNDBid:JVNDB-2014-007701
db:CNNVDid:CNNVD-201501-239
db:NVDid:CVE-2014-8034

LAST UPDATE DATE
2024-11-23T22:01:54.272000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75979date:2017-09-08T00:00:00
db:BIDid:71978date:2015-01-09T00:00:00
db:JVNDBid:JVNDB-2014-007701date:2015-01-20T00:00:00
db:CNNVDid:CNNVD-201501-239date:2015-01-16T00:00:00
db:NVDid:CVE-2014-8034date:2024-11-21T02:18:28.010

SOURCES RELEASE DATE
db:VULHUBid:VHN-75979date:2015-01-15T00:00:00
db:BIDid:71978date:2015-01-09T00:00:00
db:JVNDBid:JVNDB-2014-007701date:2015-01-20T00:00:00
db:CNNVDid:CNNVD-201501-239date:2015-01-13T00:00:00
db:NVDid:CVE-2014-8034date:2015-01-15T22:59:02.727