ID

VAR-201502-0121


CVE

CVE-2015-0589


TITLE

Cisco WebEx Meetings Server administrative web interface arbitrary OS command execution vulnerability with root privileges

Trust: 0.8

sources: JVNDB: JVNDB-2015-001528

DESCRIPTION

The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460. The vendor has confirmed this vulnerability and released it as Bug ID CSCuj40460. Remote authenticated users may be able to execute arbitrary OS commands. Cisco WebEx Meetings Server is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected application. This issue is being tracked by Cisco bug ID CSCuj40460. Cisco WebEx Meetings Server (CWMS) is a multi-functional conferencing solution, covering audio, video and web conferencing, that is part of Cisco's WebEx conference solution. There are security vulnerabilities in the web management interface of CWMS versions 1.0 to 1.5.

Trust: 1.98

sources: NVD: CVE-2015-0589 // JVNDB: JVNDB-2015-001528 // BID: 72493 // VULHUB: VHN-78535

AFFECTED PRODUCTS

vendor: cisco // model: webex meetings server // scope: eq // version: 1.0

Trust: 2.4

vendor: cisco // model: webex meetings server // scope: eq // version: 1.1

Trust: 2.4

vendor: cisco // model: webex meetings server // scope: eq // version: 1.5

Trust: 2.4

sources: JVNDB: JVNDB-2015-001528 // CNNVD: CNNVD-201502-083 // NVD: CVE-2015-0589

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0589
value: HIGH

Trust: 1.0

NVD: CVE-2015-0589
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201502-083
value: CRITICAL

Trust: 0.6

VULHUB: VHN-78535
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-0589
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78535
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78535 // JVNDB: JVNDB-2015-001528 // CNNVD: CNNVD-201502-083 // NVD: CVE-2015-0589

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-78535 // JVNDB: JVNDB-2015-001528 // NVD: CVE-2015-0589

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-083

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201502-083

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001528

PATCH

title: cisco-sa-20150204-wbx // url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx

Trust: 0.8

title: 37335 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=37335

Trust: 0.8

sources: JVNDB: JVNDB-2015-001528

EXTERNAL IDS

db: NVD // id: CVE-2015-0589

Trust: 2.8

db: BID // id: 72493

Trust: 2.0

db: SECTRACK // id: 1031692

Trust: 1.1

db: SECUNIA // id: 62799

Trust: 1.1

db: JVNDB // id: JVNDB-2015-001528

Trust: 0.8

db: CNNVD // id: CNNVD-201502-083

Trust: 0.7

db: VULHUB // id: VHN-78535

Trust: 0.1

sources: VULHUB: VHN-78535 // BID: 72493 // JVNDB: JVNDB-2015-001528 // CNNVD: CNNVD-201502-083 // NVD: CVE-2015-0589

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150204-wbx

Trust: 2.0

url:http://www.securityfocus.com/bid/72493

Trust: 1.7

url:http://www.securitytracker.com/id/1031692

Trust: 1.1

url:http://secunia.com/advisories/62799

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100719

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0589

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0589

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=37335

Trust: 0.3

sources: VULHUB: VHN-78535 // BID: 72493 // JVNDB: JVNDB-2015-001528 // CNNVD: CNNVD-201502-083 // NVD: CVE-2015-0589

CREDITS

Cisco

Trust: 0.9

sources: BID: 72493 // CNNVD: CNNVD-201502-083

SOURCES

db: VULHUB // id: VHN-78535
db: BID // id: 72493
db: JVNDB // id: JVNDB-2015-001528
db: CNNVD // id: CNNVD-201502-083
db: NVD // id: CVE-2015-0589

LAST UPDATE DATE

2024-11-23T22:56:30.506000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-78535 // date: 2017-09-08T00:00:00
db: BID // id: 72493 // date: 2015-02-04T00:00:00
db: JVNDB // id: JVNDB-2015-001528 // date: 2015-02-19T00:00:00
db: CNNVD // id: CNNVD-201502-083 // date: 2015-02-09T00:00:00
db: NVD // id: CVE-2015-0589 // date: 2024-11-21T02:23:22.090

SOURCES RELEASE DATE

db: VULHUB // id: VHN-78535 // date: 2015-02-07T00:00:00
db: BID // id: 72493 // date: 2015-02-04T00:00:00
db: JVNDB // id: JVNDB-2015-001528 // date: 2015-02-19T00:00:00
db: CNNVD // id: CNNVD-201502-083 // date: 2015-02-05T00:00:00
db: NVD // id: CVE-2015-0589 // date: 2015-02-07T15:59:06.143