ID

VAR-201604-0564


CVE

CVE-2016-1389


TITLE

Cisco WebEx Meetings Server Open redirect vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2016-002413 // CNNVD: CNNVD-201604-623

DESCRIPTION

Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695. The vendor has confirmed this vulnerability and released it as Bug ID CSCuy44695. Supplementary information: the vulnerability type has been identified as CWE-601: URL Redirection to Untrusted Site (Open Redirect). http://cwe.mitre.org/data/definitions/601.html Users may be redirected by a third party to an arbitrary web site and subjected to a phishing attack. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. Cisco WebEx Meetings Server (CWMS) is a multi-functional conferencing solution in Cisco's WebEx conferencing line that includes audio, video and web conferencing.

Trust: 1.98

sources: NVD: CVE-2016-1389 // JVNDB: JVNDB-2016-002413 // BID: 88924 // VULHUB: VHN-90208

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6.0

Trust: 1.6

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6

Trust: 0.8

sources: JVNDB: JVNDB-2016-002413 // CNNVD: CNNVD-201604-623 // NVD: CVE-2016-1389

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1389
value: HIGH

Trust: 1.0

NVD: CVE-2016-1389
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201604-623
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90208
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1389
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90208
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1389
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90208 // JVNDB: JVNDB-2016-002413 // CNNVD: CNNVD-201604-623 // NVD: CVE-2016-1389

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2016-002413 // NVD: CVE-2016-1389

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-623

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201604-623

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002413

PATCH

title: cisco-sa-20160428-cwms, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms

Trust: 0.8

title: Cisco WebEx Meetings Server Fixes for open redirect vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61306

Trust: 0.6

sources: JVNDB: JVNDB-2016-002413 // CNNVD: CNNVD-201604-623

EXTERNAL IDS

db: NVD, id: CVE-2016-1389

Trust: 2.8

db: SECTRACK, id: 1035703

Trust: 1.1

db: JVNDB, id: JVNDB-2016-002413

Trust: 0.8

db: CNNVD, id: CNNVD-201604-623

Trust: 0.7

db: BID, id: 88924

Trust: 0.4

db: VULHUB, id: VHN-90208

Trust: 0.1

sources: VULHUB: VHN-90208 // BID: 88924 // JVNDB: JVNDB-2016-002413 // CNNVD: CNNVD-201604-623 // NVD: CVE-2016-1389

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-cwms

Trust: 1.7

url: http://www.securitytracker.com/id/1035703

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1389

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1389

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90208 // BID: 88924 // JVNDB: JVNDB-2016-002413 // CNNVD: CNNVD-201604-623 // NVD: CVE-2016-1389

CREDITS

Cisco

Trust: 0.3

sources: BID: 88924

SOURCES

db: VULHUB, id: VHN-90208
db: BID, id: 88924
db: JVNDB, id: JVNDB-2016-002413
db: CNNVD, id: CNNVD-201604-623
db: NVD, id: CVE-2016-1389

LAST UPDATE DATE

2024-11-23T22:01:32.833000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90208, date: 2016-12-03T00:00:00
db: BID, id: 88924, date: 2016-04-28T00:00:00
db: JVNDB, id: JVNDB-2016-002413, date: 2016-05-06T00:00:00
db: CNNVD, id: CNNVD-201604-623, date: 2016-04-29T00:00:00
db: NVD, id: CVE-2016-1389, date: 2024-11-21T02:46:21.113

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90208, date: 2016-04-28T00:00:00
db: BID, id: 88924, date: 2016-04-28T00:00:00
db: JVNDB, id: JVNDB-2016-002413, date: 2016-05-06T00:00:00
db: CNNVD, id: CNNVD-201604-623, date: 2016-04-29T00:00:00
db: NVD, id: CVE-2016-1389, date: 2016-04-28T22:59:01.273