Sign-up

ID

VAR-201801-1062


CVE

CVE-2018-0111


TITLE

Cisco WebEx Meetings Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-001495

DESCRIPTION

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by utilizing available resources to study the customer network. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCvg46806. Vendors have confirmed this vulnerability Bug ID CSCvg46806 It is released as.Information may be obtained. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2018-0111 // JVNDB: JVNDB-2018-001495 // BID: 102723 // VULHUB: VHN-118313

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 1.4

vendor:ciscomodel:webex meetings serverscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:3.0

Trust: 0.3

sources: BID: 102723 // JVNDB: JVNDB-2018-001495 // CNNVD: CNNVD-201801-611 // NVD: CVE-2018-0111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0111
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0111
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201801-611
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118313
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0111
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118313
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0111
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118313 // JVNDB: JVNDB-2018-001495 // CNNVD: CNNVD-201801-611 // NVD: CVE-2018-0111

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-118313 // JVNDB: JVNDB-2018-001495 // NVD: CVE-2018-0111

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-611

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201801-611

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001495

PATCH
title:cisco-sa-20180117-wms3url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3
Trust: 0.8
title:Cisco WebEx Meetings Server Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77791
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001495 // 
            
            
            
            CNNVD: CNNVD-201801-611

EXTERNAL IDS
db:NVDid:CVE-2018-0111
Trust: 2.8
db:BIDid:102723
Trust: 2.0
db:SECTRACKid:1040237
Trust: 1.7
db:JVNDBid:JVNDB-2018-001495
Trust: 0.8
db:CNNVDid:CNNVD-201801-611
Trust: 0.7
db:VULHUBid:VHN-118313
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118313 // 
            
            
            
            BID: 102723 // 
            
            
            
            JVNDB: JVNDB-2018-001495 // 
            
            
            
            CNNVD: CNNVD-201801-611 // 
            
            
            
            NVD: CVE-2018-0111

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-wms3
Trust: 2.0
url:http://www.securityfocus.com/bid/102723
Trust: 1.7
url:http://www.securitytracker.com/id/1040237
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0111
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0111
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118313 // 
            
            
            
            BID: 102723 // 
            
            
            
            JVNDB: JVNDB-2018-001495 // 
            
            
            
            CNNVD: CNNVD-201801-611 // 
            
            
            
            NVD: CVE-2018-0111

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 102723

SOURCES
db:VULHUBid:VHN-118313
db:BIDid:102723
db:JVNDBid:JVNDB-2018-001495
db:CNNVDid:CNNVD-201801-611
db:NVDid:CVE-2018-0111

LAST UPDATE DATE
2024-11-23T22:30:31.887000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118313date:2019-10-09T00:00:00
db:BIDid:102723date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001495date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201801-611date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0111date:2024-11-21T03:37:32.597

SOURCES RELEASE DATE
db:VULHUBid:VHN-118313date:2018-01-18T00:00:00
db:BIDid:102723date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001495date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201801-611date:2018-01-22T00:00:00
db:NVDid:CVE-2018-0111date:2018-01-18T06:29:01.487