Sign-up

ID

VAR-201801-1060


CVE

CVE-2018-0109


TITLE

Cisco WebEx Meetings Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-001494

DESCRIPTION

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that could allow an attacker who is authenticated as root to gain shared secrets. An attacker could exploit the vulnerability by accessing the root account and viewing sensitive information. Successful exploitation could allow the attacker to discover sensitive information about the application. Cisco Bug IDs: CSCvg42664. Vendors have confirmed this vulnerability Bug ID CSCvg42664 It is released as.Information may be obtained. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2018-0109 // JVNDB: JVNDB-2018-001494 // BID: 102722 // VULHUB: VHN-118311

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 1.4

vendor:ciscomodel:webex meetings serverscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:3.0

Trust: 0.3

sources: BID: 102722 // JVNDB: JVNDB-2018-001494 // CNNVD: CNNVD-201801-613 // NVD: CVE-2018-0109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0109
value: LOW

Trust: 1.0

NVD: CVE-2018-0109
value: LOW

Trust: 0.8

CNNVD: CNNVD-201801-613
value: LOW

Trust: 0.6

VULHUB: VHN-118311
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0109
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118311
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0109
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118311 // JVNDB: JVNDB-2018-001494 // CNNVD: CNNVD-201801-613 // NVD: CVE-2018-0109

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-118311 // JVNDB: JVNDB-2018-001494 // NVD: CVE-2018-0109

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-613

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201801-613

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001494

PATCH
title:cisco-sa-20180117-wms1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms1
Trust: 0.8
title:Cisco WebEx Meetings Server Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77793
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001494 // 
            
            
            
            CNNVD: CNNVD-201801-613

EXTERNAL IDS
db:NVDid:CVE-2018-0109
Trust: 2.8
db:BIDid:102722
Trust: 2.0
db:SECTRACKid:1040235
Trust: 1.7
db:JVNDBid:JVNDB-2018-001494
Trust: 0.8
db:CNNVDid:CNNVD-201801-613
Trust: 0.7
db:VULHUBid:VHN-118311
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118311 // 
            
            
            
            BID: 102722 // 
            
            
            
            JVNDB: JVNDB-2018-001494 // 
            
            
            
            CNNVD: CNNVD-201801-613 // 
            
            
            
            NVD: CVE-2018-0109

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-wms1
Trust: 2.0
url:http://www.securityfocus.com/bid/102722
Trust: 1.7
url:http://www.securitytracker.com/id/1040235
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0109
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0109
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118311 // 
            
            
            
            BID: 102722 // 
            
            
            
            JVNDB: JVNDB-2018-001494 // 
            
            
            
            CNNVD: CNNVD-201801-613 // 
            
            
            
            NVD: CVE-2018-0109

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 102722

SOURCES
db:VULHUBid:VHN-118311
db:BIDid:102722
db:JVNDBid:JVNDB-2018-001494
db:CNNVDid:CNNVD-201801-613
db:NVDid:CVE-2018-0109

LAST UPDATE DATE
2024-11-23T22:07:01.478000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118311date:2019-10-09T00:00:00
db:BIDid:102722date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001494date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201801-613date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0109date:2024-11-21T03:37:32.353

SOURCES RELEASE DATE
db:VULHUBid:VHN-118311date:2018-01-18T00:00:00
db:BIDid:102722date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001494date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201801-613date:2018-01-22T00:00:00
db:NVDid:CVE-2018-0109date:2018-01-18T06:29:01.393