Sign-up

ID

VAR-201506-0252


CVE

CVE-2015-4194


TITLE

Cisco WebEx Meeting Center of Web -Based management interface account name enumeration vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-003217

DESCRIPTION

The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861. Vendors have confirmed this vulnerability Bug ID CSCuf28861 It is released as.A third party may enumerate account names and retrieve important information through a series of requests. Cisco WebEx Meeting Center is prone to a user-enumeration vulnerability. An attacker may leverage this issue to harvest valid administrator accounts, which may aid in brute-force attacks. This issue being tracked by Cisco Bug ID CSCuf28861. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more. A security vulnerability exists in the web-based administration interface of Cisco WebEx Meeting Center due to a logic error in how the program handles invalid usernames

Trust: 1.98

sources: NVD: CVE-2015-4194 // JVNDB: JVNDB-2015-003217 // BID: 75296 // VULHUB: VHN-82155

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: BID: 75296 // JVNDB: JVNDB-2015-003217 // CNNVD: CNNVD-201506-337 // NVD: CVE-2015-4194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4194
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4194
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-337
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82155
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4194
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82155
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82155 // JVNDB: JVNDB-2015-003217 // CNNVD: CNNVD-201506-337 // NVD: CVE-2015-4194

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-82155 // JVNDB: JVNDB-2015-003217 // NVD: CVE-2015-4194

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-337

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-337

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003217

PATCH
title:39420url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39420
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003217

EXTERNAL IDS
db:NVDid:CVE-2015-4194
Trust: 2.8
db:BIDid:75296
Trust: 1.4
db:SECTRACKid:1032660
Trust: 1.1
db:JVNDBid:JVNDB-2015-003217
Trust: 0.8
db:CNNVDid:CNNVD-201506-337
Trust: 0.7
db:VULHUBid:VHN-82155
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82155 // 
            
            
            
            BID: 75296 // 
            
            
            
            JVNDB: JVNDB-2015-003217 // 
            
            
            
            CNNVD: CNNVD-201506-337 // 
            
            
            
            NVD: CVE-2015-4194

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39420
Trust: 2.0
url:http://www.securityfocus.com/bid/75296
Trust: 1.1
url:http://www.securitytracker.com/id/1032660
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4194
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4194
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82155 // 
            
            
            
            BID: 75296 // 
            
            
            
            JVNDB: JVNDB-2015-003217 // 
            
            
            
            CNNVD: CNNVD-201506-337 // 
            
            
            
            NVD: CVE-2015-4194

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75296

SOURCES
db:VULHUBid:VHN-82155
db:BIDid:75296
db:JVNDBid:JVNDB-2015-003217
db:CNNVDid:CNNVD-201506-337
db:NVDid:CVE-2015-4194

LAST UPDATE DATE
2024-11-23T22:42:28.444000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82155date:2016-12-28T00:00:00
db:BIDid:75296date:2015-06-18T00:00:00
db:JVNDBid:JVNDB-2015-003217date:2015-06-22T00:00:00
db:CNNVDid:CNNVD-201506-337date:2015-06-23T00:00:00
db:NVDid:CVE-2015-4194date:2024-11-21T02:30:36.453

SOURCES RELEASE DATE
db:VULHUBid:VHN-82155date:2015-06-19T00:00:00
db:BIDid:75296date:2015-06-18T00:00:00
db:JVNDBid:JVNDB-2015-003217date:2015-06-22T00:00:00
db:CNNVDid:CNNVD-201506-337date:2015-06-23T00:00:00
db:NVDid:CVE-2015-4194date:2015-06-19T01:59:01.023