Details of VAR-201506-0297

ID

VAR-201506-0297

CVE

CVE-2015-4209

TITLE

Cisco WebEx Meeting Center Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-003250

DESCRIPTION

Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913. Cisco WebEx Meeting Center is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information such as calendar files. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCur23913. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 2.07

sources: NVD: CVE-2015-4209 // JVNDB: JVNDB-2015-003250 // BID: 75351 // VULHUB: VHN-82170 // VULMON: CVE-2015-4209

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meeting center	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex meeting center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meeting center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 75351 // JVNDB: JVNDB-2015-003250 // CNNVD: CNNVD-201506-407 // NVD: CVE-2015-4209

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4209
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4209
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201506-407
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82170
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-4209
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4209
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-82170
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-82170 // VULMON: CVE-2015-4209 // JVNDB: JVNDB-2015-003250 // CNNVD: CNNVD-201506-407 // NVD: CVE-2015-4209

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-82170 // JVNDB: JVNDB-2015-003250 // NVD: CVE-2015-4209

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-407

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-407

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003250

PATCH

title:	39459	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39459	Trust: 0.8
title:	Cisco: Cisco WebEx Meetings Host Calendar Download Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150622-CVE-2015-4209	Trust: 0.1

sources: VULMON: CVE-2015-4209 // JVNDB: JVNDB-2015-003250

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4209	Trust: 2.9
db:	BID	id:	75351	Trust: 1.5
db:	SECTRACK	id:	1032705	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-003250	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-407	Trust: 0.7
db:	VULHUB	id:	VHN-82170	Trust: 0.1
db:	VULMON	id:	CVE-2015-4209	Trust: 0.1

sources: VULHUB: VHN-82170 // VULMON: CVE-2015-4209 // BID: 75351 // JVNDB: JVNDB-2015-003250 // CNNVD: CNNVD-201506-407 // NVD: CVE-2015-4209

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39459	Trust: 2.1
url:	http://www.securityfocus.com/bid/75351	Trust: 1.3
url:	http://www.securitytracker.com/id/1032705	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4209	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4209	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.webex.com/products/enterprise_meetings.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150622-cve-2015-4209	Trust: 0.1

sources: VULHUB: VHN-82170 // VULMON: CVE-2015-4209 // BID: 75351 // JVNDB: JVNDB-2015-003250 // CNNVD: CNNVD-201506-407 // NVD: CVE-2015-4209

CREDITS

Cisco

Trust: 0.3

sources: BID: 75351

SOURCES

db:	VULHUB	id:	VHN-82170
db:	VULMON	id:	CVE-2015-4209
db:	BID	id:	75351
db:	JVNDB	id:	JVNDB-2015-003250
db:	CNNVD	id:	CNNVD-201506-407
db:	NVD	id:	CVE-2015-4209

LAST UPDATE DATE

2024-11-23T22:01:44.842000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-82170	date:	2016-12-28T00:00:00
db:	VULMON	id:	CVE-2015-4209	date:	2016-12-28T00:00:00
db:	BID	id:	75351	date:	2015-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-003250	date:	2015-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201506-407	date:	2015-06-24T00:00:00
db:	NVD	id:	CVE-2015-4209	date:	2024-11-21T02:30:38.293

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-82170	date:	2015-06-23T00:00:00
db:	VULMON	id:	CVE-2015-4209	date:	2015-06-23T00:00:00
db:	BID	id:	75351	date:	2015-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-003250	date:	2015-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201506-407	date:	2015-06-24T00:00:00
db:	NVD	id:	CVE-2015-4209	date:	2015-06-23T14:59:04.557