Details of VAR-201608-0246

ID

VAR-201608-0246

CVE

CVE-2016-1484

TITLE

Cisco WebEx Meetings Server Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2016-004441

DESCRIPTION

Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724. Cisco WebEx Meetings Server is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuy92724. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. An information disclosure vulnerability exists in CWMS version 2.6

Trust: 1.98

sources: NVD: CVE-2016-1484 // JVNDB: JVNDB-2016-004441 // BID: 92519 // VULHUB: VHN-90303

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6.0	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6.1.39	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6	Trust: 1.1

sources: BID: 92519 // JVNDB: JVNDB-2016-004441 // CNNVD: CNNVD-201608-014 // NVD: CVE-2016-1484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1484
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1484
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201608-014
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90303
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1484
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90303
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1484
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90303 // JVNDB: JVNDB-2016-004441 // CNNVD: CNNVD-201608-014 // NVD: CVE-2016-1484

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-200	Trust: 1.9

sources: VULHUB: VHN-90303 // JVNDB: JVNDB-2016-004441 // NVD: CVE-2016-1484

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-014

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201608-014

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004441

PATCH

title:	cisco-sa-20160817-wms1	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-wms1	Trust: 0.8
title:	Cisco WebEx Meetings Server Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63643	Trust: 0.6

sources: JVNDB: JVNDB-2016-004441 // CNNVD: CNNVD-201608-014

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1484	Trust: 2.8
db:	BID	id:	92519	Trust: 1.4
db:	SECTRACK	id:	1036649	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-004441	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-014	Trust: 0.7
db:	VULHUB	id:	VHN-90303	Trust: 0.1

sources: VULHUB: VHN-90303 // BID: 92519 // JVNDB: JVNDB-2016-004441 // CNNVD: CNNVD-201608-014 // NVD: CVE-2016-1484

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-wms1	Trust: 2.0
url:	http://www.securityfocus.com/bid/92519	Trust: 1.1
url:	http://www.securitytracker.com/id/1036649	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1484	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1484	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-90303 // BID: 92519 // JVNDB: JVNDB-2016-004441 // CNNVD: CNNVD-201608-014 // NVD: CVE-2016-1484

CREDITS

Cisco

Trust: 0.3

sources: BID: 92519

SOURCES

db:	VULHUB	id:	VHN-90303
db:	BID	id:	92519
db:	JVNDB	id:	JVNDB-2016-004441
db:	CNNVD	id:	CNNVD-201608-014
db:	NVD	id:	CVE-2016-1484

LAST UPDATE DATE

2024-11-23T22:38:43.738000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90303	date:	2017-08-16T00:00:00
db:	BID	id:	92519	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004441	date:	2016-08-24T00:00:00
db:	CNNVD	id:	CNNVD-201608-014	date:	2016-08-24T00:00:00
db:	NVD	id:	CVE-2016-1484	date:	2024-11-21T02:46:31.700

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90303	date:	2016-08-23T00:00:00
db:	BID	id:	92519	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004441	date:	2016-08-24T00:00:00
db:	CNNVD	id:	CNNVD-201608-014	date:	2016-08-18T00:00:00
db:	NVD	id:	CVE-2016-1484	date:	2016-08-23T02:10:21.317