Details of VAR-201710-0080

ID

VAR-201710-0080

CVE

CVE-2014-0691

TITLE

Cisco WebEx Meetings Server Vulnerabilities related to lack of entropy

Trust: 0.8

sources: JVNDB: JVNDB-2014-008433

DESCRIPTION

Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643. Cisco WebEx Meetings Server Contains a vulnerability related to lack of entropy. Vendors have confirmed this vulnerability Bug ID CSCuc79643 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linux kernel is prone to a local memory-corruption vulnerability. Successfully exploiting this issue will allow an attacker to cause a memory leak to obtain sensitive information. Failed exploit attempts will likely crash the kernel, denying service to legitimate users. Note: This BID is being retired as a duplicate of the issue discussed in BID 65588 (Linux Kernel '/fs/cifs/file.c' Local Memory Corruption Vulnerability). Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. A security vulnerability existed in versions of CWMS prior to 1.1

Trust: 1.98

sources: NVD: CVE-2014-0691 // JVNDB: JVNDB-2014-008433 // BID: 67543 // VULHUB: VHN-68184

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.0	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	lt	version:	1.1	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.0	Trust: 0.6

sources: JVNDB: JVNDB-2014-008433 // CNNVD: CNNVD-201710-1138 // NVD: CVE-2014-0691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0691
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0691
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201710-1138
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68184
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0691
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68184
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-0691
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-68184 // JVNDB: JVNDB-2014-008433 // CNNVD: CNNVD-201710-1138 // NVD: CVE-2014-0691

PROBLEMTYPE DATA

problemtype:

CWE-331

Trust: 1.9

sources: VULHUB: VHN-68184 // JVNDB: JVNDB-2014-008433 // NVD: CVE-2014-0691

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-1138

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201710-1138

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008433

PATCH

title:	Release Notes for Cisco WebEx Meetings Server Release 1.1	url:	https://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/1_1/b_Release_Notes.html	Trust: 0.8
title:	Cisco WebEx Meetings Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75973	Trust: 0.6

sources: JVNDB: JVNDB-2014-008433 // CNNVD: CNNVD-201710-1138

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0691	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-008433	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-1138	Trust: 0.7
db:	BID	id:	67543	Trust: 0.4
db:	VULHUB	id:	VHN-68184	Trust: 0.1

sources: VULHUB: VHN-68184 // BID: 67543 // JVNDB: JVNDB-2014-008433 // CNNVD: CNNVD-201710-1138 // NVD: CVE-2014-0691

REFERENCES

url:	https://www.cisco.com/c/en/us/td/docs/collaboration/cwms/1_1/b_release_notes.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0691	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0691	Trust: 0.8
url:	http://www.kernel.org/	Trust: 0.3

sources: VULHUB: VHN-68184 // BID: 67543 // JVNDB: JVNDB-2014-008433 // CNNVD: CNNVD-201710-1138 // NVD: CVE-2014-0691

CREDITS

Al Viro

Trust: 0.3

sources: BID: 67543

SOURCES

db:	VULHUB	id:	VHN-68184
db:	BID	id:	67543
db:	JVNDB	id:	JVNDB-2014-008433
db:	CNNVD	id:	CNNVD-201710-1138
db:	NVD	id:	CVE-2014-0691

LAST UPDATE DATE

2024-11-23T22:38:25.142000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68184	date:	2017-11-14T00:00:00
db:	BID	id:	67543	date:	2014-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-008433	date:	2017-11-17T00:00:00
db:	CNNVD	id:	CNNVD-201710-1138	date:	2017-10-31T00:00:00
db:	NVD	id:	CVE-2014-0691	date:	2024-11-21T02:02:39.777

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68184	date:	2017-10-24T00:00:00
db:	BID	id:	67543	date:	2014-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-008433	date:	2017-11-17T00:00:00
db:	CNNVD	id:	CNNVD-201710-1138	date:	2017-10-31T00:00:00
db:	NVD	id:	CVE-2014-0691	date:	2017-10-24T14:29:00.207