ID

VAR-201607-0431


CVE

CVE-2016-1450


TITLE

Cisco WebEx Meetings Server vulnerable to command injection attacks

Trust: 0.8

sources: JVNDB: JVNDB-2016-003782

DESCRIPTION

Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715. Cisco WebEx Meetings Server contains a vulnerability that allows a command injection attack to be executed. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected system. This issue is being tracked by Cisco bug ID CSCuy92715. Cisco WebEx Meetings Server (CWMS) is a multi-functional conferencing solution, part of Cisco's WebEx conferencing offering, that includes audio, video and Web conferencing. A security vulnerability exists in CWMS version 2.6.

Trust: 1.98

sources: NVD: CVE-2016-1450 // JVNDB: JVNDB-2016-003782 // BID: 91779 // VULHUB: VHN-90269

AFFECTED PRODUCTS

vendor: cisco
model: webex meetings server
scope: eq
version: 2.6.0

Trust: 1.6

vendor: cisco
model: webex meetings server
scope: eq
version: 2.6.1.39

Trust: 1.6

vendor: cisco
model: webex meetings server
scope: eq
version: 2.6

Trust: 1.1

sources: BID: 91779 // JVNDB: JVNDB-2016-003782 // CNNVD: CNNVD-201607-431 // NVD: CVE-2016-1450

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1450
value: HIGH

Trust: 1.0

NVD: CVE-2016-1450
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201607-431
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90269
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1450
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90269
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1450
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90269 // JVNDB: JVNDB-2016-003782 // CNNVD: CNNVD-201607-431 // NVD: CVE-2016-1450

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-90269 // JVNDB: JVNDB-2016-003782 // NVD: CVE-2016-1450

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-431

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201607-431

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003782

PATCH

title: cisco-sa-20160714-wms4
url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms4

Trust: 0.8

title: Cisco WebEx Meetings Server Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62973

Trust: 0.6

sources: JVNDB: JVNDB-2016-003782 // CNNVD: CNNVD-201607-431

EXTERNAL IDS

db: NVD
id: CVE-2016-1450

Trust: 2.8

db: BID
id: 91779

Trust: 1.4

db: SECTRACK
id: 1036315

Trust: 1.1

db: JVNDB
id: JVNDB-2016-003782

Trust: 0.8

db: CNNVD
id: CNNVD-201607-431

Trust: 0.7

db: VULHUB
id: VHN-90269

Trust: 0.1

sources: VULHUB: VHN-90269 // BID: 91779 // JVNDB: JVNDB-2016-003782 // CNNVD: CNNVD-201607-431 // NVD: CVE-2016-1450

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160714-wms4

Trust: 2.0

url: http://www.securityfocus.com/bid/91779

Trust: 1.1

url: http://www.securitytracker.com/id/1036315

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1450

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1450

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90269 // BID: 91779 // JVNDB: JVNDB-2016-003782 // CNNVD: CNNVD-201607-431 // NVD: CVE-2016-1450

CREDITS

Cisco

Trust: 0.3

sources: BID: 91779

SOURCES

db: VULHUB, id: VHN-90269
db: BID, id: 91779
db: JVNDB, id: JVNDB-2016-003782
db: CNNVD, id: CNNVD-201607-431
db: NVD, id: CVE-2016-1450

LAST UPDATE DATE

2024-11-23T22:22:44.722000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90269, date: 2017-09-01T00:00:00
db: BID, id: 91779, date: 2016-07-14T00:00:00
db: JVNDB, id: JVNDB-2016-003782, date: 2016-07-21T00:00:00
db: CNNVD, id: CNNVD-201607-431, date: 2016-07-18T00:00:00
db: NVD, id: CVE-2016-1450, date: 2024-11-21T02:46:27.970

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90269, date: 2016-07-15T00:00:00
db: BID, id: 91779, date: 2016-07-14T00:00:00
db: JVNDB, id: JVNDB-2016-003782, date: 2016-07-21T00:00:00
db: CNNVD, id: CNNVD-201607-431, date: 2016-07-18T00:00:00
db: NVD, id: CVE-2016-1450, date: 2016-07-15T16:59:04.173