Sign-up

ID

VAR-201502-0127


CVE

CVE-2015-0597


TITLE

Cisco WebEx Meetings Server of Forgot Password Vulnerabilities enumerating administrator accounts in functionality

Trust: 0.8

sources: JVNDB: JVNDB-2015-001350

DESCRIPTION

The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159. An attacker may leverage this issue to harvest valid administrator accounts, which may aid in brute-force attacks. This issue being tracked by Cisco Bug IDs CSCuj67166 and CSCuj67159. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. There are security vulnerabilities in the Forgot Password function of CWMS 1.5 (.1.131) and earlier versions

Trust: 1.98

sources: NVD: CVE-2015-0597 // JVNDB: JVNDB-2015-001350 // BID: 72373 // VULHUB: VHN-78543

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:lteversion:1.5\(.1.131\)

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:lteversion:1.5(.1.131)

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5\(.1.131\)

Trust: 0.6

sources: JVNDB: JVNDB-2015-001350 // CNNVD: CNNVD-201502-016 // NVD: CVE-2015-0597

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0597
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0597
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201502-016
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78543
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0597
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78543
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78543 // JVNDB: JVNDB-2015-001350 // CNNVD: CNNVD-201502-016 // NVD: CVE-2015-0597

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-78543 // JVNDB: JVNDB-2015-001350 // NVD: CVE-2015-0597

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-016

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201502-016

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001350

PATCH
title:Cisco WebEx Meetings Server User Enumeration Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0597
Trust: 0.8
title:37240url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37240
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001350

EXTERNAL IDS
db:NVDid:CVE-2015-0597
Trust: 2.8
db:BIDid:72373
Trust: 1.4
db:SECTRACKid:1031678
Trust: 1.1
db:JVNDBid:JVNDB-2015-001350
Trust: 0.8
db:CNNVDid:CNNVD-201502-016
Trust: 0.7
db:VULHUBid:VHN-78543
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78543 // 
            
            
            
            BID: 72373 // 
            
            
            
            JVNDB: JVNDB-2015-001350 // 
            
            
            
            CNNVD: CNNVD-201502-016 // 
            
            
            
            NVD: CVE-2015-0597

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0597
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=37240
Trust: 1.7
url:http://www.securityfocus.com/bid/72373
Trust: 1.1
url:http://www.securitytracker.com/id/1031678
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100658
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0597
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0597
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78543 // 
            
            
            
            BID: 72373 // 
            
            
            
            JVNDB: JVNDB-2015-001350 // 
            
            
            
            CNNVD: CNNVD-201502-016 // 
            
            
            
            NVD: CVE-2015-0597

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72373

SOURCES
db:VULHUBid:VHN-78543
db:BIDid:72373
db:JVNDBid:JVNDB-2015-001350
db:CNNVDid:CNNVD-201502-016
db:NVDid:CVE-2015-0597

LAST UPDATE DATE
2024-11-23T22:45:58.824000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78543date:2017-09-08T00:00:00
db:BIDid:72373date:2015-02-04T00:03:00
db:JVNDBid:JVNDB-2015-001350date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201502-016date:2015-02-02T00:00:00
db:NVDid:CVE-2015-0597date:2024-11-21T02:23:22.947

SOURCES RELEASE DATE
db:VULHUBid:VHN-78543date:2015-02-02T00:00:00
db:BIDid:72373date:2015-01-29T00:00:00
db:JVNDBid:JVNDB-2015-001350date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201502-016date:2015-02-02T00:00:00
db:NVDid:CVE-2015-0597date:2015-02-02T01:59:08.950