Sign-up

ID

VAR-201507-0510


CVE

CVE-2015-4281


TITLE

Cisco WebEx Meetings Server Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-003885

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDs CSCus56150 and CSCus56146. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 2.07

sources: NVD: CVE-2015-4281 // JVNDB: JVNDB-2015-003885 // BID: 75979 // VULHUB: VHN-82242 // VULMON: CVE-2015-4281

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5\(1\)

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5mr1

Trust: 0.8

vendor:ciscomodel:webex meetings server mr1scope:eqversion:2.5

Trust: 0.3

sources: BID: 75979 // JVNDB: JVNDB-2015-003885 // CNNVD: CNNVD-201507-709 // NVD: CVE-2015-4281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4281
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4281
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-709
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82242
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-4281
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4281
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-82242
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82242 // VULMON: CVE-2015-4281 // JVNDB: JVNDB-2015-003885 // CNNVD: CNNVD-201507-709 // NVD: CVE-2015-4281

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-82242 // JVNDB: JVNDB-2015-003885 // NVD: CVE-2015-4281

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-709

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201507-709

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003885

PATCH
title:40021url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40021
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003885

EXTERNAL IDS
db:NVDid:CVE-2015-4281
Trust: 2.9
db:BIDid:75979
Trust: 1.5
db:SECTRACKid:1033016
Trust: 1.2
db:JVNDBid:JVNDB-2015-003885
Trust: 0.8
db:CNNVDid:CNNVD-201507-709
Trust: 0.7
db:VULHUBid:VHN-82242
Trust: 0.1
db:VULMONid:CVE-2015-4281
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82242 // 
            
            
            
            VULMON: CVE-2015-4281 // 
            
            
            
            BID: 75979 // 
            
            
            
            JVNDB: JVNDB-2015-003885 // 
            
            
            
            CNNVD: CNNVD-201507-709 // 
            
            
            
            NVD: CVE-2015-4281

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40021
Trust: 2.1
url:http://www.securityfocus.com/bid/75979
Trust: 1.3
url:http://www.securitytracker.com/id/1033016
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4281
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4281
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/352.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82242 // 
            
            
            
            VULMON: CVE-2015-4281 // 
            
            
            
            BID: 75979 // 
            
            
            
            JVNDB: JVNDB-2015-003885 // 
            
            
            
            CNNVD: CNNVD-201507-709 // 
            
            
            
            NVD: CVE-2015-4281

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75979

SOURCES
db:VULHUBid:VHN-82242
db:VULMONid:CVE-2015-4281
db:BIDid:75979
db:JVNDBid:JVNDB-2015-003885
db:CNNVDid:CNNVD-201507-709
db:NVDid:CVE-2015-4281

LAST UPDATE DATE
2024-11-23T22:27:05.711000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82242date:2017-09-21T00:00:00
db:VULMONid:CVE-2015-4281date:2017-09-21T00:00:00
db:BIDid:75979date:2015-07-21T00:00:00
db:JVNDBid:JVNDB-2015-003885date:2015-07-23T00:00:00
db:CNNVDid:CNNVD-201507-709date:2015-07-23T00:00:00
db:NVDid:CVE-2015-4281date:2024-11-21T02:30:45.643

SOURCES RELEASE DATE
db:VULHUBid:VHN-82242date:2015-07-22T00:00:00
db:VULMONid:CVE-2015-4281date:2015-07-22T00:00:00
db:BIDid:75979date:2015-07-21T00:00:00
db:JVNDBid:JVNDB-2015-003885date:2015-07-23T00:00:00
db:CNNVDid:CNNVD-201507-709date:2015-07-23T00:00:00
db:NVDid:CVE-2015-4281date:2015-07-22T14:59:01.017