Details of VAR-201502-0126

ID

VAR-201502-0126

CVE

CVE-2015-0596

TITLE

Cisco WebEx Meetings Server Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-001351

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. Vendors have confirmed this vulnerability Bug ID CSCuj67163 It is released as.A third party may be able to hijack the authentication of any user. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuj67163. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2015-0596 // JVNDB: JVNDB-2015-001351 // BID: 72371 // VULHUB: VHN-78542

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.5\(.1.131\)	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.5(.1.131)	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.5\(.1.131\)	Trust: 0.6

sources: JVNDB: JVNDB-2015-001351 // CNNVD: CNNVD-201502-015 // NVD: CVE-2015-0596

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0596
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0596
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201502-015
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78542
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0596
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78542
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78542 // JVNDB: JVNDB-2015-001351 // CNNVD: CNNVD-201502-015 // NVD: CVE-2015-0596

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-78542 // JVNDB: JVNDB-2015-001351 // NVD: CVE-2015-0596

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-015

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201502-015

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001351

PATCH

title:	Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0596	Trust: 0.8
title:	37239	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37239	Trust: 0.8

sources: JVNDB: JVNDB-2015-001351

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0596	Trust: 2.8
db:	BID	id:	72371	Trust: 1.4
db:	SECTRACK	id:	1031677	Trust: 1.1
db:	SECUNIA	id:	61797	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001351	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-015	Trust: 0.7
db:	VULHUB	id:	VHN-78542	Trust: 0.1

sources: VULHUB: VHN-78542 // BID: 72371 // JVNDB: JVNDB-2015-001351 // CNNVD: CNNVD-201502-015 // NVD: CVE-2015-0596

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0596	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37239	Trust: 1.7
url:	http://www.securityfocus.com/bid/72371	Trust: 1.1
url:	http://www.securitytracker.com/id/1031677	Trust: 1.1
url:	http://secunia.com/advisories/61797	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/100665	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0596	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0596	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-78542 // BID: 72371 // JVNDB: JVNDB-2015-001351 // CNNVD: CNNVD-201502-015 // NVD: CVE-2015-0596

CREDITS

Cisco

Trust: 0.3

sources: BID: 72371

SOURCES

db:	VULHUB	id:	VHN-78542
db:	BID	id:	72371
db:	JVNDB	id:	JVNDB-2015-001351
db:	CNNVD	id:	CNNVD-201502-015
db:	NVD	id:	CVE-2015-0596

LAST UPDATE DATE

2024-08-14T14:46:37.720000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78542	date:	2017-09-08T00:00:00
db:	BID	id:	72371	date:	2015-02-04T01:03:00
db:	JVNDB	id:	JVNDB-2015-001351	date:	2015-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201502-015	date:	2015-02-02T00:00:00
db:	NVD	id:	CVE-2015-0596	date:	2017-09-08T01:29:45.637

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78542	date:	2015-02-02T00:00:00
db:	BID	id:	72371	date:	2015-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-001351	date:	2015-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201502-015	date:	2015-02-02T00:00:00
db:	NVD	id:	CVE-2015-0596	date:	2015-02-02T01:59:07.890