Sign-up

ID

VAR-201605-0386


CVE

CVE-2016-1410


TITLE

Cisco WebEx Meeting Center Original Release Base Vulnerabilities in which important information about the validity of user names can be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-002957

DESCRIPTION

Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. Cisco WebEx Meeting Center is prone to a user-enumeration vulnerability. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. This issue being tracked by Cisco Bug IDs CSCux84312 and CSCux84317. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2016-1410 // JVNDB: JVNDB-2016-002957 // BID: 90908 // VULHUB: VHN-90229

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2016-002957 // CNNVD: CNNVD-201605-653 // NVD: CVE-2016-1410

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1410
value: HIGH

Trust: 1.0

NVD: CVE-2016-1410
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201605-653
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90229
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1410
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90229
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1410
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90229 // JVNDB: JVNDB-2016-002957 // CNNVD: CNNVD-201605-653 // NVD: CVE-2016-1410

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-90229 // JVNDB: JVNDB-2016-002957 // NVD: CVE-2016-1410

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-653

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201605-653

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002957

PATCH
title:Cisco WebEx Meeting Centerurl:http://www.cisco.com/web/JP/product/hs/webex/meetingcenter/index.html
Trust: 0.8
title:Cisco WebEx Meeting Center Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61963
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-002957 // 
            
            
            
            CNNVD: CNNVD-201605-653

EXTERNAL IDS
db:NVDid:CVE-2016-1410
Trust: 2.8
db:BIDid:90908
Trust: 1.4
db:SECTRACKid:1035977
Trust: 1.1
db:JVNDBid:JVNDB-2016-002957
Trust: 0.8
db:CNNVDid:CNNVD-201605-653
Trust: 0.7
db:VULHUBid:VHN-90229
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90229 // 
            
            
            
            BID: 90908 // 
            
            
            
            JVNDB: JVNDB-2016-002957 // 
            
            
            
            CNNVD: CNNVD-201605-653 // 
            
            
            
            NVD: CVE-2016-1410

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160526-wmc
Trust: 1.7
url:http://www.securityfocus.com/bid/90908
Trust: 1.1
url:http://www.securitytracker.com/id/1035977
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1410
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1410
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-90229 // 
            
            
            
            BID: 90908 // 
            
            
            
            JVNDB: JVNDB-2016-002957 // 
            
            
            
            CNNVD: CNNVD-201605-653 // 
            
            
            
            NVD: CVE-2016-1410

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 90908

SOURCES
db:VULHUBid:VHN-90229
db:BIDid:90908
db:JVNDBid:JVNDB-2016-002957
db:CNNVDid:CNNVD-201605-653
db:NVDid:CVE-2016-1410

LAST UPDATE DATE
2024-11-23T22:01:32.369000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90229date:2016-12-01T00:00:00
db:BIDid:90908date:2016-07-06T14:57:00
db:JVNDBid:JVNDB-2016-002957date:2016-06-01T00:00:00
db:CNNVDid:CNNVD-201605-653date:2016-05-30T00:00:00
db:NVDid:CVE-2016-1410date:2024-11-21T02:46:23.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-90229date:2016-05-28T00:00:00
db:BIDid:90908date:2016-05-26T00:00:00
db:JVNDBid:JVNDB-2016-002957date:2016-06-01T00:00:00
db:CNNVDid:CNNVD-201605-653date:2016-05-27T00:00:00
db:NVDid:CVE-2016-1410date:2016-05-28T01:59:01.307