All the vulnerabilites related to cisco - webex_meeting_center
cve-2017-3823
Vulnerability from cvelistv5
Published
2017-02-01 11:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 | x_refsource_MISC | |
| https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html | x_refsource_MISC | |
| https://www.kb.cert.org/vuls/id/909240 | third-party-advisory, x_refsource_CERT-VN | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex | x_refsource_CONFIRM | |
| https://blog.filippo.io/webex-extension-vulnerability/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/95737 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037680 | vdb-entry, x_refsource_SECTRACK | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1100 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx browser extensions |
Version: Cisco WebEx browser extensions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:40.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"name": "VU#909240",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"name": "95737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"name": "1037680",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037680"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx browser extensions",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx browser extensions"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-09T13:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"name": "VU#909240",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"name": "95737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"name": "1037680",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037680"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx browser extensions",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx browser extensions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"name": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"name": "VU#909240",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"name": "https://blog.filippo.io/webex-extension-vulnerability/",
"refsource": "MISC",
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"name": "95737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95737"
},
{
"name": "1037680",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037680"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-3823",
"datePublished": "2017-02-01T11:00:00",
"dateReserved": "2016-12-21T00:00:00",
"dateUpdated": "2024-08-05T14:39:40.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3311
Vulnerability from cvelistv5
Published
2014-07-10 10:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311 | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/68502 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1030550 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94432 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:04.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140709 Cisco WebEx Meetings Client Heap-Based Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311"
},
{
"name": "68502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68502"
},
{
"name": "1030550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030550"
},
{
"name": "cisco-webex-cve20143311-bo(94432)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140709 Cisco WebEx Meetings Client Heap-Based Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311"
},
{
"name": "68502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68502"
},
{
"name": "1030550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030550"
},
{
"name": "cisco-webex-cve20143311-bo(94432)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140709 Cisco WebEx Meetings Client Heap-Based Buffer Overflow Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311"
},
{
"name": "68502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68502"
},
{
"name": "1030550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030550"
},
{
"name": "cisco-webex-cve20143311-bo(94432)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3311",
"datePublished": "2014-07-10T10:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:04.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12365
Vulnerability from cvelistv5
Published
2017-11-30 09:00
Modified
2024-08-05 18:36
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displayed information. An attacker could use this information to attend meetings that are not available for their attendance. Cisco Bug IDs: CSCvg33629.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101999 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039920 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx Event Center |
Version: Cisco WebEx Event Center |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:56.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4"
},
{
"name": "1039920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039920"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Event Center",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Event Center"
}
]
}
],
"datePublic": "2017-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displayed information. An attacker could use this information to attend meetings that are not available for their attendance. Cisco Bug IDs: CSCvg33629."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-01T10:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "101999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4"
},
{
"name": "1039920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039920"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Event Center",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Event Center"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displayed information. An attacker could use this information to attend meetings that are not available for their attendance. Cisco Bug IDs: CSCvg33629."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101999"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4"
},
{
"name": "1039920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039920"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12365",
"datePublished": "2017-11-30T09:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:36:56.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15987
Vulnerability from cvelistv5
Published
2019-11-26 03:42
Modified
2024-11-19 18:51
Severity ?
EPSS score ?
Summary
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco WebEx Event Center |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20191120 Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T17:22:21.467673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T18:51:20.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Event Center",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T03:42:14",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20191120 Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
}
],
"source": {
"advisory": "cisco-sa-20191120-webex-centers-infodis",
"defect": [
[
"CSCvq81213",
"CSCvq81230"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-11-20T16:00:00-0800",
"ID": "CVE-2019-15987",
"STATE": "PUBLIC",
"TITLE": "Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Event Center",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20191120 Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
}
]
},
"source": {
"advisory": "cisco-sa-20191120-webex-centers-infodis",
"defect": [
[
"CSCvq81213",
"CSCvq81230"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-15987",
"datePublished": "2019-11-26T03:42:14.157661Z",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-19T18:51:20.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12366
Vulnerability from cvelistv5
Published
2017-11-30 09:00
Modified
2024-08-05 18:36
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635,, CSCvg52440.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039918 | vdb-entry, x_refsource_SECTRACK | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101984 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx Meeting Center |
Version: Cisco WebEx Meeting Center |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:56.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039918"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5"
},
{
"name": "101984",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101984"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Meeting Center",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Meeting Center"
}
]
}
],
"datePublic": "2017-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635,, CSCvg52440."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-01T10:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1039918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039918"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5"
},
{
"name": "101984",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101984"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Meeting Center",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Meeting Center"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635,, CSCvg52440."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039918",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039918"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5"
},
{
"name": "101984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101984"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12366",
"datePublished": "2017-11-30T09:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:36:56.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3799
Vulnerability from cvelistv5
Published
2017-01-26 07:45
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1037647 | vdb-entry, x_refsource_SECTRACK | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95642 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx Meeting Center T28.1 |
Version: Cisco WebEx Meeting Center T28.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:40.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4"
},
{
"name": "95642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Meeting Center T28.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Meeting Center T28.1"
}
]
}
],
"datePublic": "2017-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-25T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1037647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4"
},
{
"name": "95642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Meeting Center T28.1",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Meeting Center T28.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037647"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4"
},
{
"name": "95642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-3799",
"datePublished": "2017-01-26T07:45:00",
"dateReserved": "2016-12-21T00:00:00",
"dateUpdated": "2024-08-05T14:39:40.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6962
Vulnerability from cvelistv5
Published
2013-12-14 22:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1029494 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6962 | vendor-advisory, x_refsource_CISCO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89694 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/100906 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/64275 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029494",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029494"
},
{
"name": "20131212 Cisco WebEx Meeting Center Mobile Browser Redirection Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6962"
},
{
"name": "cisco-webex-cve20136962-xss(89694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89694"
},
{
"name": "100906",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100906"
},
{
"name": "64275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1029494",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029494"
},
{
"name": "20131212 Cisco WebEx Meeting Center Mobile Browser Redirection Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6962"
},
{
"name": "cisco-webex-cve20136962-xss(89694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89694"
},
{
"name": "100906",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100906"
},
{
"name": "64275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64275"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029494",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"name": "20131212 Cisco WebEx Meeting Center Mobile Browser Redirection Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6962"
},
{
"name": "cisco-webex-cve20136962-xss(89694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89694"
},
{
"name": "100906",
"refsource": "OSVDB",
"url": "http://osvdb.org/100906"
},
{
"name": "64275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64275"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6962",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6964
Vulnerability from cvelistv5
Published
2013-12-14 22:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/100908 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id/1029494 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=32158 | x_refsource_CONFIRM | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964 | vendor-advisory, x_refsource_CISCO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89690 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/64280 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100908",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100908"
},
{
"name": "1029494",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158"
},
{
"name": "20131212 Cisco WebEx Business Suite Site Access Control Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964"
},
{
"name": "cisco-webex-cve20136964-sec-bypass(89690)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89690"
},
{
"name": "64280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "100908",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100908"
},
{
"name": "1029494",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158"
},
{
"name": "20131212 Cisco WebEx Business Suite Site Access Control Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964"
},
{
"name": "cisco-webex-cve20136964-sec-bypass(89690)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89690"
},
{
"name": "64280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64280"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100908",
"refsource": "OSVDB",
"url": "http://osvdb.org/100908"
},
{
"name": "1029494",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158"
},
{
"name": "20131212 Cisco WebEx Business Suite Site Access Control Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964"
},
{
"name": "cisco-webex-cve20136964-sec-bypass(89690)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89690"
},
{
"name": "64280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64280"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6964",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12286
Vulnerability from cvelistv5
Published
2017-10-19 08:00
Modified
2024-08-05 18:36
Severity ?
EPSS score ?
Summary
A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible. This vulnerability affects all releases of Cisco Jabber prior to Release 1.9.31. Cisco Bug IDs: CSCve52418.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039625 | vdb-entry, x_refsource_SECTRACK | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101515 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco Jabber |
Version: Cisco Jabber |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:55.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039625",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1"
},
{
"name": "101515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Jabber",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Jabber"
}
]
}
],
"datePublic": "2017-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible. This vulnerability affects all releases of Cisco Jabber prior to Release 1.9.31. Cisco Bug IDs: CSCve52418."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T09:57:02",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1039625",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1"
},
{
"name": "101515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Jabber",
"version": {
"version_data": [
{
"version_value": "Cisco Jabber"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible. This vulnerability affects all releases of Cisco Jabber prior to Release 1.9.31. Cisco Bug IDs: CSCve52418."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039625",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039625"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1"
},
{
"name": "101515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12286",
"datePublished": "2017-10-19T08:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:36:55.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4207
Vulnerability from cvelistv5
Published
2015-06-23 14:00
Modified
2024-08-06 06:04
Severity ?
EPSS score ?
Summary
Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/75350 | vdb-entry, x_refsource_BID | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39457 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1032705 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75350"
},
{
"name": "20150622 Cisco WebEx Meetings Meeting Access Number Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39457"
},
{
"name": "1032705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center places a meeting\u0027s access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "75350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75350"
},
{
"name": "20150622 Cisco WebEx Meetings Meeting Access Number Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39457"
},
{
"name": "1032705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco WebEx Meeting Center places a meeting\u0027s access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75350"
},
{
"name": "20150622 Cisco WebEx Meetings Meeting Access Number Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39457"
},
{
"name": "1032705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032705"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-4207",
"datePublished": "2015-06-23T14:00:00",
"dateReserved": "2015-06-04T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0590
Vulnerability from cvelistv5
Published
2015-01-17 11:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1031558 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100576 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:17:32.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150115 Cisco Hosted WebEx Meeting Center Information Disclosure",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590"
},
{
"name": "1031558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031558"
},
{
"name": "cisco-webexmc-cve20150590-info-disc(100576)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100576"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150115 Cisco Hosted WebEx Meeting Center Information Disclosure",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590"
},
{
"name": "1031558",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031558"
},
{
"name": "cisco-webexmc-cve20150590-info-disc(100576)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100576"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150115 Cisco Hosted WebEx Meeting Center Information Disclosure",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590"
},
{
"name": "1031558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031558"
},
{
"name": "cisco-webexmc-cve20150590-info-disc(100576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100576"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-0590",
"datePublished": "2015-01-17T11:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:17:32.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0583
Vulnerability from cvelistv5
Published
2015-01-14 19:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/72012 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100565 | vdb-entry, x_refsource_XF | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0583 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:17:32.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "72012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72012"
},
{
"name": "cisco-webex-cve20150583-info-disc(100565)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100565"
},
{
"name": "20150112 Cisco WebEx Meetings Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "72012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72012"
},
{
"name": "cisco-webex-cve20150583-info-disc(100565)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100565"
},
{
"name": "20150112 Cisco WebEx Meetings Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72012"
},
{
"name": "cisco-webex-cve20150583-info-disc(100565)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100565"
},
{
"name": "20150112 Cisco WebEx Meetings Server Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-0583",
"datePublished": "2015-01-14T19:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:17:32.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3310
Vulnerability from cvelistv5
Published
2014-07-10 10:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1030551 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/68503 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94431 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140709 Cisco WebEx Meetings Client Arbitrary File Download Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310"
},
{
"name": "1030551",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030551"
},
{
"name": "68503",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68503"
},
{
"name": "cisco-webex-cve20143310-info-disc(94431)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140709 Cisco WebEx Meetings Client Arbitrary File Download Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310"
},
{
"name": "1030551",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030551"
},
{
"name": "68503",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68503"
},
{
"name": "cisco-webex-cve20143310-info-disc(94431)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140709 Cisco WebEx Meetings Client Arbitrary File Download Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310"
},
{
"name": "1030551",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030551"
},
{
"name": "68503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68503"
},
{
"name": "cisco-webex-cve20143310-info-disc(94431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3310",
"datePublished": "2014-07-10T10:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6961
Vulnerability from cvelistv5
Published
2013-12-14 22:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89696 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/64288 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1029494 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6961 | vendor-advisory, x_refsource_CISCO | |
| http://osvdb.org/100905 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-webex-cve20136961-xss(89696)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89696"
},
{
"name": "64288",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64288"
},
{
"name": "1029494",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029494"
},
{
"name": "20131212 Cisco WebEx Collaboration Partner Access Console Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6961"
},
{
"name": "100905",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-webex-cve20136961-xss(89696)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89696"
},
{
"name": "64288",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64288"
},
{
"name": "1029494",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029494"
},
{
"name": "20131212 Cisco WebEx Collaboration Partner Access Console Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6961"
},
{
"name": "100905",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-webex-cve20136961-xss(89696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89696"
},
{
"name": "64288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64288"
},
{
"name": "1029494",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"name": "20131212 Cisco WebEx Collaboration Partner Access Console Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6961"
},
{
"name": "100905",
"refsource": "OSVDB",
"url": "http://osvdb.org/100905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6961",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2199
Vulnerability from cvelistv5
Published
2014-05-20 10:00
Modified
2024-08-06 10:05
Severity ?
EPSS score ?
Summary
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=34252 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1030251 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"name": "1030251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030251"
},
{
"name": "20140515 WebEx Meeting Information Disclosure Vulnerability in meetinginfo.do",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-16T13:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"name": "1030251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030251"
},
{
"name": "20140515 WebEx Meeting Information Disclosure Vulnerability in meetinginfo.do",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"name": "1030251",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030251"
},
{
"name": "20140515 WebEx Meeting Information Disclosure Vulnerability in meetinginfo.do",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2199",
"datePublished": "2014-05-20T10:00:00",
"dateReserved": "2014-02-25T00:00:00",
"dateUpdated": "2024-08-06T10:05:59.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4209
Vulnerability from cvelistv5
Published
2015-06-23 14:00
Modified
2024-08-06 06:11
Severity ?
EPSS score ?
Summary
Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39459 | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/75351 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1032705 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:11:11.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150622 Cisco WebEx Meetings Host Calendar Download Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39459"
},
{
"name": "75351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75351"
},
{
"name": "1032705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150622 Cisco WebEx Meetings Host Calendar Download Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39459"
},
{
"name": "75351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75351"
},
{
"name": "1032705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150622 Cisco WebEx Meetings Host Calendar Download Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39459"
},
{
"name": "75351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75351"
},
{
"name": "1032705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032705"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-4209",
"datePublished": "2015-06-23T14:00:00",
"dateReserved": "2015-06-04T00:00:00",
"dateUpdated": "2024-08-06T06:11:11.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6960
Vulnerability from cvelistv5
Published
2013-12-14 22:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/100904 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/64273 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1029494 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6960 | vendor-advisory, x_refsource_CISCO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89693 | vdb-entry, x_refsource_XF | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=32152 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100904",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100904"
},
{
"name": "64273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64273"
},
{
"name": "1029494",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029494"
},
{
"name": "20131212 Cisco WebEx Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6960"
},
{
"name": "cisco-webex-cve20136960-xss(89693)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89693"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "100904",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100904"
},
{
"name": "64273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64273"
},
{
"name": "1029494",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029494"
},
{
"name": "20131212 Cisco WebEx Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6960"
},
{
"name": "cisco-webex-cve20136960-xss(89693)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89693"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100904",
"refsource": "OSVDB",
"url": "http://osvdb.org/100904"
},
{
"name": "64273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64273"
},
{
"name": "1029494",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"name": "20131212 Cisco WebEx Multiple Cross-Site Scripting Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6960"
},
{
"name": "cisco-webex-cve20136960-xss(89693)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89693"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32152",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6960",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6753
Vulnerability from cvelistv5
Published
2017-07-25 19:00
Modified
2024-08-05 15:41
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038911 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/99614 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038910 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1038909 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx Browser Extension |
Version: Cisco WebEx Browser Extension |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038911"
},
{
"name": "99614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"name": "1038910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038910"
},
{
"name": "1038909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Browser Extension",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Browser Extension"
}
]
}
],
"datePublic": "2017-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1038911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038911"
},
{
"name": "99614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"name": "1038910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038910"
},
{
"name": "1038909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Browser Extension",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Browser Extension"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038911",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038911"
},
{
"name": "99614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99614"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"name": "1038910",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038910"
},
{
"name": "1038909",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-6753",
"datePublished": "2017-07-25T19:00:00",
"dateReserved": "2017-03-09T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6970
Vulnerability from cvelistv5
Published
2013-12-14 22:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/64306 | vdb-entry, x_refsource_BID | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6970 | vendor-advisory, x_refsource_CISCO | |
| http://osvdb.org/101002 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89708 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64306",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64306"
},
{
"name": "20131213 Cisco WebEx Meeting Center Verbose Server Error Responses Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6970"
},
{
"name": "101002",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101002"
},
{
"name": "cisco-webex-cve20136970-sec-bypass(89708)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89708"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "64306",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64306"
},
{
"name": "20131213 Cisco WebEx Meeting Center Verbose Server Error Responses Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6970"
},
{
"name": "101002",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101002"
},
{
"name": "cisco-webex-cve20136970-sec-bypass(89708)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89708"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64306"
},
{
"name": "20131213 Cisco WebEx Meeting Center Verbose Server Error Responses Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6970"
},
{
"name": "101002",
"refsource": "OSVDB",
"url": "http://osvdb.org/101002"
},
{
"name": "cisco-webex-cve20136970-sec-bypass(89708)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89708"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6970",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4210
Vulnerability from cvelistv5
Published
2015-06-23 14:00
Modified
2024-08-06 06:11
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/75348 | vdb-entry, x_refsource_BID | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39460 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1032705 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:11:11.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75348",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75348"
},
{
"name": "20150622 Cisco WebEx Meetings Reflected Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39460"
},
{
"name": "1032705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "75348",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75348"
},
{
"name": "20150622 Cisco WebEx Meetings Reflected Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39460"
},
{
"name": "1032705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75348"
},
{
"name": "20150622 Cisco WebEx Meetings Reflected Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39460"
},
{
"name": "1032705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032705"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-4210",
"datePublished": "2015-06-23T14:00:00",
"dateReserved": "2015-06-04T00:00:00",
"dateUpdated": "2024-08-06T06:11:11.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12297
Vulnerability from cvelistv5
Published
2017-11-30 09:00
Modified
2024-08-05 18:36
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101985 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039919 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx Meeting Center |
Version: Cisco WebEx Meeting Center |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:55.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc"
},
{
"name": "101985",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101985"
},
{
"name": "1039919",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039919"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Meeting Center",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Meeting Center"
}
]
}
],
"datePublic": "2017-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a \"URL Redirection Vulnerability.\" The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-01T10:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc"
},
{
"name": "101985",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101985"
},
{
"name": "1039919",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039919"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Meeting Center",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Meeting Center"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a \"URL Redirection Vulnerability.\" The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc"
},
{
"name": "101985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101985"
},
{
"name": "1039919",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039919"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12297",
"datePublished": "2017-11-30T09:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:36:55.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4212
Vulnerability from cvelistv5
Published
2015-06-24 10:00
Modified
2024-08-06 06:11
Severity ?
EPSS score ?
Summary
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39467 | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/75381 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1032705 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:11:11.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150623 Cisco WebEx Meeting Center Data and Credential Exposure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39467"
},
{
"name": "75381",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75381"
},
{
"name": "1032705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150623 Cisco WebEx Meeting Center Data and Credential Exposure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39467"
},
{
"name": "75381",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75381"
},
{
"name": "1032705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150623 Cisco WebEx Meeting Center Data and Credential Exposure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39467"
},
{
"name": "75381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75381"
},
{
"name": "1032705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032705"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-4212",
"datePublished": "2015-06-24T10:00:00",
"dateReserved": "2015-06-04T00:00:00",
"dateUpdated": "2024-08-06T06:11:11.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4194
Vulnerability from cvelistv5
Published
2015-06-19 01:00
Modified
2024-08-06 06:04
Severity ?
EPSS score ?
Summary
The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39420 | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/75296 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1032660 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150618 Cisco WebEx Meeting Center Web-Based Administrative Interface User Enumeration Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39420"
},
{
"name": "75296",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75296"
},
{
"name": "1032660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150618 Cisco WebEx Meeting Center Web-Based Administrative Interface User Enumeration Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39420"
},
{
"name": "75296",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75296"
},
{
"name": "1032660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032660"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150618 Cisco WebEx Meeting Center Web-Based Administrative Interface User Enumeration Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39420"
},
{
"name": "75296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75296"
},
{
"name": "1032660",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032660"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-4194",
"datePublished": "2015-06-19T01:00:00",
"dateReserved": "2015-06-04T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12298
Vulnerability from cvelistv5
Published
2017-10-19 08:00
Modified
2024-08-05 18:36
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78615, CSCvf78628.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039619 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/101491 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx Meeting Center |
Version: Cisco WebEx Meeting Center |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:56.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1"
},
{
"name": "1039619",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039619"
},
{
"name": "101491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Meeting Center",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Meeting Center"
}
]
}
],
"datePublic": "2017-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78615, CSCvf78628."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-20T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1"
},
{
"name": "1039619",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039619"
},
{
"name": "101491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Meeting Center",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Meeting Center"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78615, CSCvf78628."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1"
},
{
"name": "1039619",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039619"
},
{
"name": "101491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12298",
"datePublished": "2017-10-19T08:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:36:56.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4208
Vulnerability from cvelistv5
Published
2015-06-24 10:00
Modified
2024-08-06 06:11
Severity ?
EPSS score ?
Summary
Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39458 | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/75361 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1032705 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:11:11.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150623 Cisco WebEx Meeting Center GET Parameter Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39458"
},
{
"name": "75361",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75361"
},
{
"name": "1032705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150623 Cisco WebEx Meeting Center GET Parameter Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39458"
},
{
"name": "75361",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75361"
},
{
"name": "1032705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150623 Cisco WebEx Meeting Center GET Parameter Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39458"
},
{
"name": "75361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75361"
},
{
"name": "1032705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032705"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-4208",
"datePublished": "2015-06-24T10:00:00",
"dateReserved": "2015-06-04T00:00:00",
"dateUpdated": "2024-08-06T06:11:11.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6360
Vulnerability from cvelistv5
Published
2016-04-21 10:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035650 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1035649 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp | vendor-advisory, x_refsource_CISCO | |
| http://www.debian.org/security/2016/dsa-3539 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securitytracker.com/id/1035651 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1035636 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1035648 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1035652 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1035637 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035650"
},
{
"name": "1035649",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035649"
},
{
"name": "20160420 Multiple Cisco Products libSRTP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp"
},
{
"name": "DSA-3539",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3539"
},
{
"name": "1035651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035651"
},
{
"name": "1035636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035636"
},
{
"name": "1035648",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035648"
},
{
"name": "1035652",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035652"
},
{
"name": "1035637",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1035650",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035650"
},
{
"name": "1035649",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035649"
},
{
"name": "20160420 Multiple Cisco Products libSRTP Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp"
},
{
"name": "DSA-3539",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3539"
},
{
"name": "1035651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035651"
},
{
"name": "1035636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035636"
},
{
"name": "1035648",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035648"
},
{
"name": "1035652",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035652"
},
{
"name": "1035637",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035637"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035650"
},
{
"name": "1035649",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035649"
},
{
"name": "20160420 Multiple Cisco Products libSRTP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp"
},
{
"name": "DSA-3539",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3539"
},
{
"name": "1035651",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035651"
},
{
"name": "1035636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035636"
},
{
"name": "1035648",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035648"
},
{
"name": "1035652",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035652"
},
{
"name": "1035637",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035637"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6360",
"datePublished": "2016-04-21T10:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1410
Vulnerability from cvelistv5
Published
2016-05-28 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035977 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/90908 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035977"
},
{
"name": "20160526 Cisco WebEx Meeting Center Site Access Control User Account Enumeration Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc"
},
{
"name": "90908",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90908"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1035977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035977"
},
{
"name": "20160526 Cisco WebEx Meeting Center Site Access Control User Account Enumeration Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc"
},
{
"name": "90908",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90908"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035977",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035977"
},
{
"name": "20160526 Cisco WebEx Meeting Center Site Access Control User Account Enumeration Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc"
},
{
"name": "90908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90908"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1410",
"datePublished": "2016-05-28T01:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12359
Vulnerability from cvelistv5
Published
2017-11-30 09:00
Modified
2024-08-05 18:36
Severity ?
EPSS score ?
Summary
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102186 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx Network Recording Player |
Version: Cisco WebEx Network Recording Player |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:56.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102186"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Network Recording Player",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Network Recording Player"
}
]
}
],
"datePublic": "2017-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T10:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "102186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102186"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Network Recording Player",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Network Recording Player"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102186"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12359",
"datePublished": "2017-11-30T09:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:36:56.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0708
Vulnerability from cvelistv5
Published
2014-03-20 20:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0708 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140318 Cisco WebEx Business Suite HTTP GET Parameters Include Sensitive Information",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0708"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser\u0027s history, aka Bug ID CSCul98272."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-20T19:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140318 Cisco WebEx Business Suite HTTP GET Parameters Include Sensitive Information",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0708"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser\u0027s history, aka Bug ID CSCul98272."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140318 Cisco WebEx Business Suite HTTP GET Parameters Include Sensitive Information",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0708"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-0708",
"datePublished": "2014-03-20T20:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:27:19.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12360
Vulnerability from cvelistv5
Published
2017-11-30 09:00
Modified
2024-08-05 18:36
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102001 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx Network Recording Player |
Version: Cisco WebEx Network Recording Player |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:36:56.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1"
},
{
"name": "102001",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Network Recording Player",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Network Recording Player"
}
]
}
],
"datePublic": "2017-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-01T10:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1"
},
{
"name": "102001",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Network Recording Player",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Network Recording Player"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1"
},
{
"name": "102001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12360",
"datePublished": "2017-11-30T09:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-08-05T18:36:56.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3270
Vulnerability from cvelistv5
Published
2011-02-02 22:00
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1025015 | vdb-entry, x_refsource_SECTRACK | |
| http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities | x_refsource_MISC | |
| http://www.securityfocus.com/bid/46078 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/516095/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=22355 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2011/0260 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1025015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities"
},
{
"name": "46078",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46078"
},
{
"name": "20110131 [CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516095/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355"
},
{
"name": "ADV-2011-0260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1025015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities"
},
{
"name": "46078",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46078"
},
{
"name": "20110131 [CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516095/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355"
},
{
"name": "ADV-2011-0260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025015",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025015"
},
{
"name": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities"
},
{
"name": "46078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46078"
},
{
"name": "20110131 [CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516095/100/0/threaded"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355"
},
{
"name": "ADV-2011-0260",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3270",
"datePublished": "2011-02-02T22:00:00",
"dateReserved": "2010-09-09T00:00:00",
"dateUpdated": "2024-08-07T03:03:18.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2015-06-24 10:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39458 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securityfocus.com/bid/75361 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1032705 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39458 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75361 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032705 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398."
},
{
"lang": "es",
"value": "Cisco WebEx Meeting Center no restringe correctamente el contenido de URLs en solicitudes GET, lo que permite a atacantes remotos obtener informaci\u00f3n sensible o realizar ataques de inyecci\u00f3n SQL a trav\u00e9s de vectores que involucran el acceso de lectura a una solicitud, tambi\u00e9n conocido como Bug ID CSCup88398."
}
],
"id": "CVE-2015-4208",
"lastModified": "2024-11-21T02:30:38.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-24T10:59:05.930",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39458"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75361"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
},
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-23 14:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39460 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securityfocus.com/bid/75348 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1032705 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39460 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75348 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032705 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Cisco WebEx Meeting Center permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de una URL manipulada, tambi\u00e9n conocida como Bug ID CSCur03806."
}
],
"id": "CVE-2015-4210",
"lastModified": "2024-11-21T02:30:38.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-06-23T14:59:05.337",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39460"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75348"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-21 10:59
Modified
2024-11-21 02:34
Severity ?
Summary
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.0s:*:*:*:*:*:*:*",
"matchCriteriaId": "E659A9C2-4E00-45F3-8F70-D9E18CDEE8D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "4B359E9A-65D2-447D-AA44-BEA158622923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1xbs:*:*:*:*:*:*:*",
"matchCriteriaId": "B217F6BD-D867-459A-AC5E-760F0BD36602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.2s:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1B040D-CE1A-41A3-B0E9-1AA0CFC29899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.2ts:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2DB331-8EF3-4AC2-874D-360F439741E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.4s:*:*:*:*:*:*:*",
"matchCriteriaId": "FD279792-84E4-4E9C-9DBD-2E0689279981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.5s:*:*:*:*:*:*:*",
"matchCriteriaId": "67CF54E1-2890-4F70-81A1-04AFB98CC2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.6s:*:*:*:*:*:*:*",
"matchCriteriaId": "137FCB00-9FD5-4C45-9DE4-EC4BB2679049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.7s:*:*:*:*:*:*:*",
"matchCriteriaId": "210240F9-5C68-4178-A785-60A606C32FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.0s:*:*:*:*:*:*:*",
"matchCriteriaId": "186A4D4A-5977-45BC-A054-72B20FA574FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEF72D7-D889-4197-8469-A849050DE808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.2s:*:*:*:*:*:*:*",
"matchCriteriaId": "737754AA-C961-433E-B9D0-7C7ED0310F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.3s:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCFC44D-F618-457B-BD53-F09224F1C599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.4s:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC5C495-4CFE-4126-A358-5E4B40D17CC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.0s:*:*:*:*:*:*:*",
"matchCriteriaId": "663B2239-BC08-4C0C-A16C-FA7CFD0B1F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "27806BF7-0971-4F71-A0CC-A9FADEF40F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.4s:*:*:*:*:*:*:*",
"matchCriteriaId": "42425169-F2EE-4157-9AA6-CF1B4FD12B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.14s_3.14.0s:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1BE381-4C2A-45B1-9647-FB1581BF687A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1C0761-BC14-4FD7-B852-88EAB4E78F83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.2s:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C5187C-C7E0-4446-B528-C5DE1AAB90ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:base:*:*:*:*:*:*:*",
"matchCriteriaId": "28A6CA7D-D7C8-4ECC-B5F1-200209A6892F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:dx_series_ip_phones_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EDDBE37A-683F-4A7F-98DB-BBE6704F4A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7800_series_firmware:10.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B0BBC8C6-00BA-42A2-8AEB-8713F1B839C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "05ED7BA0-6B55-4A04-BBAF-102B99248302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "49CF653C-B5F5-427B-9FE9-D34D7B92AA13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_6900_series_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E87AAF0C-E9D4-4195-8343-CEEC9C52E75C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7900_series_firmware:9.9\\(9.99001.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FB845296-F772-4A6E-98DC-68D7C2FA5686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7900_series_firmware:9.9_base:*:*:*:*:*:*:*",
"matchCriteriaId": "A4CF2229-FB0B-40BA-B821-49CB26F458D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.0\\(1\\)sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "49B899D8-4784-483D-A833-C72371CEC12C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3E7619E1-E4A2-43B3-AF98-4917587C856E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "84ED85A1-D16F-4F8D-82C6-2E414EE2F590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.1\\(1\\)sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2ED0C9E-118A-4C01-8788-6E6FD65CE60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C420DA10-774A-4D38-A087-AFA6C52BB666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F5456A29-0F99-427E-A181-C562B0BE837D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C4E0532D-53EC-471F-9689-1EE0248FBD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(2\\)sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA8A4E5-7E14-4BE9-AB2C-C2F6EB4E5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "68D74C73-E5E7-47BA-BA21-24E09E7A599F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DCA1FEE7-49E7-4065-BDA6-83F3D4CAC872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D14B1890-F038-4B20-9BDF-03676C148E90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "65D8F5AD-8676-4EFE-B4D1-93039F500C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(2\\)sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE6B62-66F8-4DD0-B245-5E7D5323EC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "19516CAF-9167-47D8-A926-26A95CB19669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CA675CA8-56A1-4D47-94F3-04C974FF2DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.4\\(1\\)sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF575CF9-F701-439D-8B58-DFD2625B87ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.4\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9ED2689D-A5CA-4B90-A336-BE3C850E4992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "60ADF922-B1CE-4FFB-ADAF-48EDADC06F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "03132810-121C-4210-8FE8-D8C49F9B5F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8A0526B5-646B-4115-BA28-774AB6334DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "180F4593-7F86-4702-B248-A3D0AB20D675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(9\\):*:*:*:*:*:*:*",
"matchCriteriaId": "51CF8E3E-6D57-4DD7-91B7-7C6ADCDC1B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "638A6537-62E1-4757-B857-603FA5C80C39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:2.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "551A4418-B9BD-4F22-ABF6-C981E3B4D91E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.0.104:*:*:*:*:*:*:*",
"matchCriteriaId": "200F740F-9D7D-4A64-AE1F-276CF58241C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "70158003-F6CA-4A5C-893C-BF885A388D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2C8AFA-A4B6-44A2-B00C-1950997493C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6297451E-196E-4C6D-9186-451BB42CAE8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "465313C5-BFB9-458A-8150-8F7BA1F8C386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BF399187-270F-4560-9C09-DF18132FA427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7A928A-2CBA-43BC-B312-975EE9E24830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF721BA-25FF-485E-9102-5741AC9BC9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3F34D78E-68C9-4372-85F2-E74A1C8C06F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "05748A45-8423-42F4-8F95-7BA83548C4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C15D1F6-997D-47FD-A654-AEF3332E6105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3E5F50-CBD1-4516-BC97-3AF59DB39A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62B54134-5AC7-4D7E-A7F1-D4C2057FF146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFE499E-09BB-4C86-AC74-7568B2D3CA51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0B5BF7-18FB-4066-947E-7352B9951AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B42DD43A-B6BD-4C2B-BA57-928501C62388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE65B75-4987-4E77-8814-F7BC9875924A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C890603E-6634-46E2-AFA9-ADE8ED1B9E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBAB79E-83BF-4AD1-875B-D015A18ECB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA41C5E-F854-4729-9498-C54FA5C00664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.41:*:*:*:*:*:*:*",
"matchCriteriaId": "7B08E743-488A-4F99-ABA6-98AD534B603B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.46:*:*:*:*:*:*:*",
"matchCriteriaId": "978A0B9D-1B1D-4E22-893C-52DE75247BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.48:*:*:*:*:*:*:*",
"matchCriteriaId": "FD17927A-7AFA-4177-A34E-5FEB7A9400AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.50:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4B884F-EDE6-4055-83D8-609D2D1E518F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.52:*:*:*:*:*:*:*",
"matchCriteriaId": "8570FBED-D38F-49ED-8C6A-E241BF7E1274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.55:*:*:*:*:*:*:*",
"matchCriteriaId": "F2889989-8D9C-4E06-8477-8BCF6DC7D84A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.57:*:*:*:*:*:*:*",
"matchCriteriaId": "02E9724F-AD95-4572-BD8F-27B71F8EBC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5990B883-0B5A-44F0-B4DC-8031ED0F2026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA74460-D26D-4C0A-B697-DF9003096065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90BEB7A8-B2DB-46EB-9265-AB88476B1002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF80D39-35D2-447C-A809-E4C819FEEF25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F417BC-5835-4F29-8DB6-03A62B7B2364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D90599A3-F885-414E-94F9-B4AECEB34D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0185F882-E031-4B16-8DB3-62F76FBB78C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "092FB46B-A4A4-40E5-B474-4FC36ADC427C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB27EFB-BF82-493D-ADF2-7395B4E2A55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD84D98-1B98-454C-AF63-DE5E76E17C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "9D975A3B-0B3C-44E6-BE9C-AA73CF97AF78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAF32AF-EF06-4663-BFBE-1334D491A212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.37:*:*:*:*:*:*:*",
"matchCriteriaId": "F9FB85D8-B247-4921-AE49-C2A1C2FDEB5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.39:*:*:*:*:*:*:*",
"matchCriteriaId": "29BA59C8-F3D0-4B94-824B-F3CDAB465D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF3C75D-751C-444F-A4AF-303409B22B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CD6FE3-1B32-461E-9215-0F016798B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.44:*:*:*:*:*:*:*",
"matchCriteriaId": "22552CF4-01F8-46A8-ADD4-7BABFA574330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1C5485-EAF4-4F4D-AFA1-E105F433665E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "989F9AC4-C2D1-49A0-95C3-79A4EB827E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE2E079-D7AC-4FE9-8938-A75C12AF5CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B442C852-2465-4EA8-A977-1F10A4CE23AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB6ED4-3095-46C1-9CB6-2975A7B05303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE68CD8E-B9CF-4519-8B0E-4C4488B34887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D762C9A7-005C-44FD-9BB2-7A1DD4EBE90B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0B1212-87F3-46E5-B14A-C0C6BBAAAC98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "518D4826-06B0-4DDC-B082-A536418FD292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E343DE08-58FA-4C39-99F9-8CB5F57D0CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "76363698-DB62-4D92-8EE4-069891A9F92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6159BEE3-D097-4E07-9962-06DB740E2AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD606591-F69A-47AD-9256-20B98CA16135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EF3895-F372-45D3-9C7D-15F5C4712D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC5960D-B917-4ABA-850F-A710676ACB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B746A138-6650-49A3-87C8-3728FE5CF215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E50C2A13-5A8B-4FA5-ABB8-1157E560503B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "909F9D55-9276-4CF1-BC63-7CEEF8F25C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F383D276-D5EC-4335-AC09-9D30F6443AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "39C2A7FF-6AC3-42B5-954A-9AA5950C523A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7F36A8-C291-423D-AF28-56AAD8D0F712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2009F4-F832-49D6-8346-54A7328BD93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.23:*:*:*:*:*:*:*",
"matchCriteriaId": "C9221DD4-498A-4867-B647-47E42299CE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.26:*:*:*:*:*:*:*",
"matchCriteriaId": "B839A425-E08C-41B1-9270-E177E40B1E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.28:*:*:*:*:*:*:*",
"matchCriteriaId": "8F4DDF53-0995-4971-A980-30FD15A40C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3BD921-A58A-47EB-B90D-21C3A5D02D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "800FE449-350D-4C4C-A8C2-D4C5A3B59F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C49BF8F7-5ACE-4D90-8F17-1AA9D3A2FD7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE6D050-F186-492C-9813-895433B2612A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6157AA5C-8297-4A32-B0A8-1E7E801E9CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A13091-02C6-4D98-90C9-ED4C43BDAFAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C3E0E1-C3F3-4D53-8116-7D1AF3CD53CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "59F3DB48-E1EE-44E9-85DE-9FD7D5C59B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "27E064BD-CBC0-4556-9BCF-87D808809237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "63D5DC14-187B-4808-8377-5FF44A11AA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "64079FC4-53D8-4DBF-A2D5-2CED256F4939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF969BE-46BB-4AD7-85AB-8384426E9551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8EEA7A5-67FD-4CA4-8FF8-4B17A9C47B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94E618B3-DD03-4ECD-AB9B-97F1EDF95E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0DFE19-1C68-40E6-B8CD-9CC03F8B4281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20424324-881A-496B-BC55-62AA75994249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D67012F3-5153-400E-BD6F-EB0949875F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E40E9AB5-26E0-4BA2-9AFA-496BAA0EAC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BA4B2D-187A-47EC-8BE1-7EA178549476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF52FB9-4EA9-41A7-AD29-E963C09FC98C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04C8C6E9-D5C3-42DC-B431-9097B2FCCB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75B5CF41-7F01-4AE9-B54B-8DB6909504B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BDD9D1-0DE3-4FA7-BDC1-2A724162CEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C80EAFF-E577-414A-9DDE-D27A41CB3DC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26CC07CC-0C79-48ED-BEB6-4B576A0DBD68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "83FA6817-C5B7-410F-9CF7-801CC958C12E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1576FC7F-B7DD-41DD-A95E-23B1F86E4B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3768E4B0-E457-47AB-99B0-7C1A0E0CBE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "5D142088-0265-4987-8F5C-029F3DD06A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "76EDEE39-865D-4DA3-B1C9-033F2FF1A56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "500ED3CC-4FE8-4A24-ACFE-8D7E35E50D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2AE76B-D04E-4D0C-85E4-8AD07F7BDEDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E1C03C-0737-4E2B-B3F9-10770281F4AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C7052D2-0789-4A4D-917D-FCD894B7280F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0956F0A8-7424-437C-AAD8-203183BEBFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49FB57F9-5B37-4509-B2EB-6A16DFE11F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "952F6504-9CD0-453E-8C25-02BB9EE818F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E842AF74-D1E3-4F71-80F9-197B38942405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B97FB1-CC3A-40B5-853D-476E6C5D9D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6293A8-C21E-46F6-ACC1-6BBAD419B41F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1A48B1-112A-41C2-BC01-BCCF5794553D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D2AE7036-C8EE-441F-94A4-DE8A9E89CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "6448B4B4-022D-4D4A-A6DE-0090CEA12595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "42813600-3186-4D19-8AF2-F4F98D3C6740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0969E6-151D-4298-8EC8-68D7880E994B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0091CE-3386-4CCC-A2A8-900842EA6F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A450E0-09E4-44C5-B55C-78A4BDAADA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "8285C95A-316D-4965-A34D-3BCB9AB83FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4714F698-BBAE-47BB-99E8-F90D22415EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EB55BC7E-0B3F-4202-8768-08F27B763926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB01683-C482-4A5B-90FA-B5266BEA452E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DA16481A-4A47-4A8E-8C78-87B3A171280A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0258ED-6ED0-49C7-A13A-368711649FFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7A71AA-E1A6-47B7-B2B2-A3115CAA4058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D448BB56-5B2E-4B3E-B7E8-1F4991F23D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E0346EAC-BDD1-4DC5-B8CA-20579C44AFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2049D602-54F1-4072-936E-0D7E337162B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0710D6C8-AD34-43E2-B72B-315FFF3DC34F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "70F8F1D2-2196-44C4-B420-824F49BB4ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "5E14B8D3-6D53-4E84-9B5D-24667B192C4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A05B2DFD-A0EF-42BE-B00B-334E78CA8C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC96C9-492F-49CB-BEFE-356581E96B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78F1F7D4-EC51-47D1-A71A-9EF98C51D388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5E93DE-06C0-401C-8062-1B2EB6EFDED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5EBFAB-25E2-4245-B748-92CAA943D4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BFB446-5747-42BB-98BC-B8DF250F1842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF48794-2E5D-4BE0-9BB5-49ADE34F4A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A3A13A9C-5387-4670-8E20-FE878946D091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.104\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9F7C7DA3-C24B-41BB-BDBE-7DC58EEAC4F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(3.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AFC39DA3-8171-4344-A946-7965873C56F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C31567-8AEB-49C6-AA60-4150411D62AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA140CB2-C17C-4164-A59A-8585906057BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "468D98A7-92D5-4C01-9EDD-CB44B85EA6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAAC9FE-CCF0-4385-B5E9-FC424CD3EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9DEB1C-F9B9-4291-92B5-8EEEADC57E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "39330218-32FA-42FF-B5CA-288B7D140304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A92D7CED-D036-414B-B9EB-DCAF7F425A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4AAAB02-140D-46F2-A315-5791BF5A853F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2EB02DBE-6D60-4D0E-8E9D-7611C3C32748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.50\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1E044883-9952-477A-B2AA-3E0BB90C96A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.105\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2E26A1B0-D61C-4A25-8E10-02A2E3E7A02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.100\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6F4A28B7-87A2-464A-92A8-644E3F7D13D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.243\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8D83ED80-972A-4548-9AB0-10F9A23DF749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26D99395-D18D-458E-9880-19B7767F69D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4CE047-3FEF-4A72-AD06-EC77D71EBCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED33F68A-9EB0-416A-A0A5-0DF2C349FFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7DD812-DC72-4816-8B0F-361C32B2CD2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC41D4CD-D5EA-4678-B3AA-962C7C937118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "996C9552-5743-4639-A077-5B057605DF21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5779CE0-7691-47DA-902C-4D32D6650C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C69BE69-7C19-4ED3-98D3-04B1D41E56FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE9F46B-DD74-4295-BB6A-9239E29F4416",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unity_connection:1.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2541F3D6-BD69-47D6-8070-DDCEDEE7F497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:1.2_base:*:*:*:*:*:*:*",
"matchCriteriaId": "5B38FA24-E514-40CA-A28E-C72440B0637A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:2.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BCD675A5-D5FD-464A-8DBA-69687609913D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:2.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E48B3D-0CFF-49AD-AD7C-C54F8BDD8748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:2.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "74E91D00-4862-41B7-AC81-98BED5B41DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "8801B286-C800-44EF-9B0D-E6B4A42C8CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "83C049EE-23C2-4FBE-A94A-DB5EA2BCC113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B52ADDA2-D366-474C-AE65-83998FED89F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6CBE0184-2D1B-4DA2-B1B6-59B3E013557A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6DED4-9D0D-4FE3-BC94-BE1B6CBCCB5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2FBF4DF8-EA6E-4160-918C-8938188E22E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "0591D082-7290-476D-A0B8-DEA649AE661D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8CB1C1C9-5F1A-40F7-BEB0-66B1793C538C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B69719BD-D624-479A-BF75-04A6D1691585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "851E3C54-848C-4D6A-AC2E-9FADC3377377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
"matchCriteriaId": "90C04291-80AC-4804-86DE-D7D5653F3824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CFC6E1B0-2BEB-45C1-90F5-F79D1FBC714A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "95F18323-F108-4816-8AC5-F8CBADCDB06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE18C174-CFDF-48E9-B46B-696BDCF6F02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5EE964E1-0A54-49C4-A1EC-5707DBADC4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
"matchCriteriaId": "A0610189-1E2D-4CED-AB12-E80E7F9F1930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E56D2B86-DAC0-4E3C-A13C-4908D4312487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7026853F-6467-41C8-AE31-B8742D230473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB6DB1C-9493-4FE6-BBED-11C5B0BDCAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "286C8ECF-BFEB-41BD-8286-595B27AB5CB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "6106891F-A7EF-4380-AF53-F644C637487E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C9FCF4-3F53-4805-B564-40AF29140804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA60E66-4CC6-4FEE-A876-ABF53F54908C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su6a:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB3A0EE-0191-4BF5-96DB-F417F0533740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1.5es33.32900-33:*:*:*:*:*:*:*",
"matchCriteriaId": "77F37DEF-08E5-4F54-89B0-3E0CA4FBE4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:7.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "5B58CC96-2E5E-42E9-9252-49271AC052D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "93141BE8-20AB-42DC-9838-8FE00F215342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "101FCDD0-DC91-4111-975E-DE618D3B4E9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "D386D8CD-D6EA-4705-ABDC-EA6558F5AC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B1917B-197C-4E28-9356-2ACC4C4DB932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "5567A000-338E-40D7-9481-674B8FFC142D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA991A88-D49E-4957-B404-6E3C15C96994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "BECA1F06-6FFD-4A0D-B140-B25E39FB8513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su6:*:*:*:*:*:*:*",
"matchCriteriaId": "2ADCE50E-87C1-49D7-B127-92174327EAB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "8D11810A-80D7-41BB-B370-30218FF52F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C547C041-6C58-44D5-93D7-C02E04E93994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C40F61A6-A992-4DA4-9730-D145055596C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "78970987-BD6E-48A0-AF43-540C925E1F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "632B8CDD-5ACC-4FFB-950B-480CC43D192D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "7740A5EF-538E-4095-91F5-E4DC03EDB35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "D805DD4A-269D-4399-B6BF-7F40F98C3BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "A06A53BA-668B-41C0-B223-6637487EF113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:8.6_base:*:*:*:*:*:*:*",
"matchCriteriaId": "82B3ABB4-A33A-4886-9871-C24B33B3AEE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6793E1F6-DC57-4A13-B49D-0ED45E48426C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "50CD06E4-0C09-4DD7-B106-56DC680CE333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(1.10\\):*:*:*:*:*:*:*",
"matchCriteriaId": "612C46BC-40CC-47F6-9166-4001144FB311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BA2751A8-A3CF-4CC7-A7F2-003165C1AEDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A49C1C0B-4B2A-4F13-996D-E3ED1F96C2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:10.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CC8FF5-F0FA-41E8-AD78-D277AB9776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:10.5\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "02F5AF19-C869-4A55-B4D7-38C0FFABCC6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:10.5\\(2.3009\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C9B5432-11E5-4800-BB0F-48DFCAF409FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:10.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "2A358C37-6257-41E6-90ED-61CDE709F085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:11.0\\(0.98000.225\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1961B4F5-C2E1-41C3-AD4A-F3ABA03EFD7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:11.0\\(0.98000.332\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E9973BA-EC31-459A-9E10-4C0F6D5D6C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:11.0_0:*:*:*:*:*:*:*",
"matchCriteriaId": "14E894A4-3F92-4AA3-8E48-4223DBC3B2EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:11.5\\(0.98\\):*:*:*:*:*:*:*",
"matchCriteriaId": "93B09544-1D66-4ECD-9346-81EA5E2373E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:11.5\\(0.199\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0B4971DD-92BD-4F11-A290-F3F0258A4432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:11.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "96143B66-C21D-43BE-BC94-C28B69FCBFAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:8.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5F07CC41-0B27-4B97-B0D9-73C8F6D71021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6E093F79-9ABA-4FEF-A178-8FA6EF2F871F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "73EE1905-615B-4893-ABD2-C979B095A8B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA685E8E-676D-45A2-9383-37A4506F798B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "26F4872B-01EA-4473-B490-668C9AB29789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6D5FA4C9-EEB4-4AC7-ACA1-90A4BEC4A2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "414CEEED-2EAB-4BFF-9C28-A82069497B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A4459D13-45E1-40F6-A5D3-4DD1632A8C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA527DCA-7F9A-4A7B-8C4F-9EED0B36E038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D749F811-40EA-420C-883D-DDD31C9F3145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.3\\(0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "896D4FA3-FF50-4C50-B823-04436C0E9B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B14AF067-2224-4A72-BA36-31435CB116F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DE679CDD-D0C0-4E76-A295-C714AFF10723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:libsrtp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2CFC42-D8FA-4C51-B1F1-0A03EC23A10A",
"versionEndIncluding": "1.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.9\\(9\\)st1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBDE7B3-6B02-450F-BFE3-FA25ABA7CCF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686."
},
{
"lang": "es",
"value": "La caracter\u00edstica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de campos manipulados en paquetes SRTP, tambi\u00e9n conocida como Bug ID CSCux00686."
}
],
"id": "CVE-2015-6360",
"lastModified": "2024-11-21T02:34:51.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-21T10:59:00.117",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.debian.org/security/2016/dsa-3539"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1035636"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1035637"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1035648"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1035649"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1035650"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1035651"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1035652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035652"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-23 14:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39457 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securityfocus.com/bid/75350 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1032705 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39457 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75350 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032705 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center places a meeting\u0027s access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147."
},
{
"lang": "es",
"value": "Cisco WebEx Meeting Center coloca el n\u00famero de acceso de una reuni\u00f3n en una URL, lo que permite a atacantes remotos obtener informaci\u00f3n sensible y evadir las restricciones de asistencia mediante la visita a la p\u00e1gina de registro de reuniones, tambi\u00e9n conocida como Bug ID CSCus62147."
}
],
"id": "CVE-2015-4207",
"lastModified": "2024-11-21T02:30:38.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-23T14:59:03.633",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39457"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75350"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-14 22:55
Modified
2024-11-21 02:00
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Cisco WebEx Meeting Center permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCul36248."
}
],
"id": "CVE-2013-6960",
"lastModified": "2024-11-21T02:00:03.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-14T22:55:14.287",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/100904"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6960"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32152"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/64273"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89693"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-19 01:59
Modified
2024-11-21 02:30
Severity ?
Summary
The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39420 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securityfocus.com/bid/75296 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1032660 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39420 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75296 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032660 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861."
},
{
"lang": "es",
"value": "La interfaz administrativa basada en web en Cisco WebEx Meeting Center proporciona mensajes de error diferentes para intentos de iniciar sesi\u00f3n fallidos dependiendo de si el nombre de usuario existe o corresponde con una cuenta privilegiada, lo que permite a atacantes remotos enumerar nombres de cuentas y obtener informaci\u00f3n sensible a trav\u00e9s de una serie de solicitudes, tambi\u00e9n conocido como Bug ID CSCuf28861."
}
],
"id": "CVE-2015-4194",
"lastModified": "2024-11-21T02:30:36.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-19T01:59:01.023",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39420"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75296"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032660"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-26 04:15
Modified
2024-11-21 04:29
Severity ?
Summary
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meetings_online | 11.0.0 | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_event_center | - | |
| cisco | webex_meeting_center | - | |
| cisco | webex_support_center | - | |
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_online:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9BE8A0-474F-485C-9DE6-692FF2118477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F12AF70E-2201-4F5D-A929-A1A057B74252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_event_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83E6A0CF-0BB4-447B-B061-E4DADDD88209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_support_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4D6417-ECE6-449A-B9E5-B9AE789CE91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz web de Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center y Cisco Webex Training Center, podr\u00eda permitir a un atacante remoto no autenticado adivinar los nombres de usuario de las cuentas. La vulnerabilidad es debido a la falta de protecci\u00f3n CAPTCHA en determinadas URL. Un atacante podr\u00eda explotar esta vulnerabilidad al enviar una petici\u00f3n dise\u00f1ada a la interfaz web. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitirle al atacante saber si un nombre de usuario determinado es v\u00e1lido y conseguir el nombre real del usuario."
}
],
"id": "CVE-2019-15987",
"lastModified": "2024-11-21T04:29:52.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T04:15:11.903",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-14 22:55
Modified
2024-11-21 02:00
Severity ?
Summary
Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197."
},
{
"lang": "es",
"value": "Cisco WebEx Meeting Center permite a usuarios remotos autenticados evadir un control de acceso intencionado e inyectar contenido desde diferentes sitios WebEx a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCul36197."
}
],
"id": "CVE-2013-6964",
"lastModified": "2024-11-21T02:00:04.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-14T22:55:14.397",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/100908"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/64280"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89690"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-14 22:55
Modified
2024-11-21 02:00
Severity ?
Summary
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928."
},
{
"lang": "es",
"value": "Cisco WebEx Meeting Center permite a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura de mensajes de error detallados dentro de las respuestas del servidor, tambi\u00e9n conocido como Bug ID CSCul35928."
}
],
"id": "CVE-2013-6970",
"lastModified": "2024-11-21T02:00:04.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-14T22:55:14.520",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/101002"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6970"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/64306"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/101002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89708"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-10 11:06
Modified
2024-11-21 02:07
Severity ?
Summary
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - | |
| cisco | webex_meetings_server | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE5F3F6-C7AE-4384-B58D-F0506719E35C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funcionalidad de compartir ficheros en WebEx Meetings Client en Cisco WebEx Meetings Server y WebEx Meeting Center permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos manipulados, tambi\u00e9n conocido como Bug IDs CSCup62463 y CSCup58467."
}
],
"id": "CVE-2014-3311",
"lastModified": "2024-11-21T02:07:50.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-10T11:06:27.927",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/68502"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1030550"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94432"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-30 09:29
Modified
2024-11-21 03:09
Severity ?
Summary
A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displayed information. An attacker could use this information to attend meetings that are not available for their attendance. Cisco Bug IDs: CSCvg33629.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/101999 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1039920 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101999 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039920 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | t32.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DC231A3B-FA47-4275-9051-A5CCD91A5FDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displayed information. An attacker could use this information to attend meetings that are not available for their attendance. Cisco Bug IDs: CSCvg33629."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco WebEx Event Center podr\u00eda permitir que un atacante remoto autenticado vea informaci\u00f3n no listada de reuniones. La vulnerabilidad se debe a un fallo de dise\u00f1o en el producto. Un atacante puede ejecutar una consulta en un sitio Event Center para ver las reuniones programadas. Una consulta con \u00e9xito mostrar\u00eda tanto las reuniones listadas como las no listadas en la informaci\u00f3n visualizada. Un atacante podr\u00eda emplear esta informaci\u00f3n para asistir a reuniones que no tienen disponibles. Cisco Bug IDs: CSCvg33629."
}
],
"id": "CVE-2017-12365",
"lastModified": "2024-11-21T03:09:23.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-30T09:29:01.497",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101999"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039920"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-19 08:29
Modified
2024-11-21 03:09
Severity ?
Summary
A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible. This vulnerability affects all releases of Cisco Jabber prior to Release 1.9.31. Cisco Bug IDs: CSCve52418.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/101515 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1039625 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101515 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039625 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | jabber | 1.9.30 | |
| cisco | webex_meeting_center | 1.9.26 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:jabber:1.9.30:*:*:*:*:windows:*:*",
"matchCriteriaId": "DFE62F58-04B1-4FA8-9C64-3E37E8CFF98C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:1.9.26:*:*:*:*:*:*:*",
"matchCriteriaId": "749526DD-4A7B-4E91-979D-570AE9EFEB26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible. This vulnerability affects all releases of Cisco Jabber prior to Release 1.9.31. Cisco Bug IDs: CSCve52418."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz web de Cisco Jabber podr\u00eda permitir que un atacante local autenticado recupere informaci\u00f3n del perfil de usuario del software afectado, lo que podr\u00eda dar lugar a la revelaci\u00f3n de informaci\u00f3n confidencial. Esta vulnerabilidad se debe una la falta de comprobaciones de entradas y validaciones en el software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose de manera local en el sistema afectado y enviando entonces comandos espec\u00edficos al software afectado. Un exploit con \u00e9xito podr\u00eda permitir que el atacante visualizase toda la informaci\u00f3n del perfil donde solo deber\u00edan ser visibles ciertos par\u00e1metros de Jabber. Esta vulnerabilidad afecta a todas las distribuciones de Cisco Jabber anteriores a la distribuci\u00f3n 1.9.31. Cisco Bug IDs: CSCve52418."
}
],
"id": "CVE-2017-12286",
"lastModified": "2024-11-21T03:09:14.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-19T08:29:00.497",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101515"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039625"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-28 01:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312."
},
{
"lang": "es",
"value": "Cisco WebEx Meeting Center Original Release Base permite a atacantes remotos obtener informaci\u00f3n sensible acerca de la validaci\u00f3n de nombre de usuario (1) asistiendo o (2) albergando una reuni\u00f3n, tambi\u00e9n conocida como Bug ID CSCux84312."
}
],
"id": "CVE-2016-1410",
"lastModified": "2024-11-21T02:46:23.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-28T01:59:01.307",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/90908"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1035977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/90908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035977"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-20 11:13
Modified
2024-11-21 02:05
Severity ?
Summary
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199 | Vendor Advisory | |
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=34252 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1030251 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=34252 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030251 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_business_suite | 27.0 | |
| cisco | webex_business_suite | 28.0 | |
| cisco | webex_business_suite | 29.0 | |
| cisco | webex_event_center | - | |
| cisco | webex_meeting_center | - | |
| cisco | webex_meetings_server | * | |
| cisco | webex_sales_center | - | |
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_business_suite:27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAD4B10-275C-4C1B-95C6-3805104CBE8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_business_suite:28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7544AE0-77D7-45CB-B49C-B060F9B51DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_business_suite:29.0:*:*:*:*:*:*:*",
"matchCriteriaId": "320608BF-D0C5-4245-A200-613CB5BB185B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_event_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83E6A0CF-0BB4-447B-B061-E4DADDD88209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF4BC9-68A8-4AF2-88C3-EDADB721B6C8",
"versionEndIncluding": "1.5\\(.1.131\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_sales_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA5880C-52BA-47D2-9CAB-45C3FA6FCB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738."
},
{
"lang": "es",
"value": "meetinginfo.do en Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) y anteriores y WebEx Business Suite (WBS) 27 anterior a 27.32.31.16, 28 anterior a 28.12.13.18 y 29 anterior a 29.5.1.12 permite a atacantes remotos obtener informaci\u00f3n sensible de reuniones mediante el aprovechamiento de conocimiento de un identificador de reuni\u00f3n, tambi\u00e9n conocido como Bug IDs CSCuo68624 y CSCue46738."
}
],
"id": "CVE-2014-2199",
"lastModified": "2024-11-21T02:05:50.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-20T11:13:37.657",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030251"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-19 08:29
Modified
2024-11-21 03:09
Severity ?
Summary
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78615, CSCvf78628.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/101491 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1039619 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101491 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039619 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D89AB9C-3475-4BC9-B3B1-6F13D07BA290",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78615, CSCvf78628."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco WebEx Meeting Center podr\u00eda permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de un sistema afectado. La vulnerabilidad se debe a una validaci\u00f3n de entradas insuficiente de algunos par\u00e1metros que se pasan al servidor web del sistema afectado. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario de que acceda a un enlace malicioso o interceptando una petici\u00f3n de usuario e inyectando c\u00f3digo malicioso en la petici\u00f3n. Un exploit con \u00e9xito podr\u00eda permitir que el atacante ejecute c\u00f3digo script arbitrario en el contexto de la interfaz web afectada o que acceda a informaci\u00f3n sensible del navegador. Cisco Bug IDs: CSCvf78615, CSCvf78628."
}
],
"id": "CVE-2017-12298",
"lastModified": "2024-11-21T03:09:15.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-19T08:29:00.700",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101491"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039619"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-25 19:29
Modified
2024-11-21 03:30
Severity ?
Summary
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_event_center:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "9B23ACCD-6784-4043-9AD1-AD1D9149D510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_event_center:t31_base:*:*:*:*:*:*:*",
"matchCriteriaId": "FB7E784F-423E-4ABB-AAC9-9CBBF3873702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_event_center:t32_base:*:*:*:*:*:*:*",
"matchCriteriaId": "35D6C33C-D91B-4C54-AA35-530293E43517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "1515E161-06AE-4A77-BA55-B04E0ECF05B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t31_base:*:*:*:*:*:*:*",
"matchCriteriaId": "77A34A56-995C-456D-9F66-2D4510A8746A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32_base:*:*:*:*:*:*:*",
"matchCriteriaId": "FB819563-9DED-4339-BD3E-AB59E510EF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "1DE4DDB4-A4EA-48F4-ABAF-0E14CE903824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "81E8E429-36B2-41A8-A483-8FD2E7044986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48D31BB1-C7AF-4EB8-8234-97ABDA21D4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.5.1.131:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC55BEF-9FDD-49FA-AC8E-53467824AB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B8FEF2-8D03-4752-B829-E8694DCB850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0.1.107:*:*:*:*:*:*:*",
"matchCriteriaId": "BB009CBA-0A3B-4578-BFC7-74C42CC3F107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "80B9A3E8-DD9D-451B-81A4-BADA16512845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C7BE43-0F81-4550-813E-66D0844E9291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "9043AE98-9A13-46F8-8E8A-BEC9E8EE0843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.99.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A8289371-84B7-4342-9EA6-2844A9C5DCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4AF5A4-1B99-43F8-A659-7C57B033F2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8745FD6-B0B3-46A9-9254-7B13877D7080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6.1.39:*:*:*:*:*:*:*",
"matchCriteriaId": "794B669D-5A30-49CA-9F35-8F7AA5A2DF62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA0048F-B88D-47F6-89D6-B7EDDECBF700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*",
"matchCriteriaId": "30ECA8FE-D587-4692-AA90-9706E44BAC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.8_base:*:*:*:*:*:*:*",
"matchCriteriaId": "04698E83-4906-4FD9-81C1-955A6D770898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE527118-BAFE-4120-890B-B6D3AFF91D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1297660-D3BF-4EB4-9AD8-F0B6CB1D7EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr4:*:*:*:*:*:*:*",
"matchCriteriaId": "633885BF-E4AD-4D68-BE6B-FC422C4A6756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr5:*:*:*:*:*:*:*",
"matchCriteriaId": "735D9391-9600-4488-A5A3-9BE519991C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr6:*:*:*:*:*:*:*",
"matchCriteriaId": "596CF80A-6D04-4C8C-8E4C-A312F50F90CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr7:*:*:*:*:*:*:*",
"matchCriteriaId": "26700488-AE40-4B51-9205-90B2822A1473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr8:*:*:*:*:*:*:*",
"matchCriteriaId": "64859732-7AD6-4393-927A-2D610746C6B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr9:*:*:*:*:*:*:*",
"matchCriteriaId": "5A173DA9-B4F4-4A1E-8A57-B7D04FAD775B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr8_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC24AAF-F4B6-45D6-9C62-09B104C72F83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACAED8E-CD53-4F12-858E-3AB1DB652893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:2:*:*:*:*:*:*:*",
"matchCriteriaId": "396E0F99-BD66-4B77-BA1F-6CDC25BAD54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:3:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5EBC53-A135-429B-B132-B2FF8F6E2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2C39D-1B45-42D6-B09E-1E5FA258A776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B02318-4867-43D4-9FB2-82A3CF59342E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA32CA3D-7617-453A-9D1B-4BCD84017573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr4:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE64939-BE95-454D-88C1-39A8E69A21D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr5:*:*:*:*:*:*:*",
"matchCriteriaId": "571E071B-BF6D-4DC7-9E29-C150C18C2709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8E6509-E041-489C-A31E-BC4EAF5DEA1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr2_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9A3B55D-840B-48CA-9A01-97F33C24E38B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr5_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2715AB5-39A2-4AB4-8DBC-A0AF0E659DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "478A42B0-27D5-4C01-B515-C09A5C87F49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:2:*:*:*:*:*:*:*",
"matchCriteriaId": "15D2AB6C-7C5D-44FD-9990-6EAD1CFCC10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:3:*:*:*:*:*:*:*",
"matchCriteriaId": "F63FD08C-2483-4F4D-BF90-4FC53AC51F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:4:*:*:*:*:*:*:*",
"matchCriteriaId": "32D28387-E832-4EB5-BD0C-B64BBE42943B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6:mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C89D9D6-0923-4D11-A264-776AB637B007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6:mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CA8FDC-2040-44AC-B05D-D94F3387118E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6:mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCAF0D6-372F-4230-A9FE-D76E6CDDBA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr1_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0CBF03-2DC9-4C66-A324-F007D5C03429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr2_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C416484-9739-453F-A8F8-FB2A0AE3716D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr3_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "7277467C-D605-496C-A666-520C7E8729CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr3_patch:2:*:*:*:*:*:*:*",
"matchCriteriaId": "032142FE-89CD-4810-A6F2-890CD16E6333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7:mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "CECC6270-A8DC-4B51-9675-FF428E33790C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7:mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "C06C6985-D7A1-4146-BCAA-BA255F238172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7_mr1_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E33A813-6D07-447A-96A6-36E2B63FE799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7_mr2_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8284327-927C-406A-BAC6-B7EF21F47407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_support_center:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "68F014B7-5DDB-48DC-ABF9-DA7BC081830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_support_center:t31_base:*:*:*:*:*:*:*",
"matchCriteriaId": "C2AAF51C-6E2A-465E-8AD9-9A170E9FC3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_support_center:t32_base:*:*:*:*:*:*:*",
"matchCriteriaId": "305F6293-1231-419B-B096-6F88943806A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "ABAA1ECC-04D7-47EA-B457-818F5BA381AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:t31_base:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E501E7-912E-462C-BC4C-5C8E1C6425AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:t32_base:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB3EDE5-67C5-40E4-AB92-BBF1B8122091",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
},
{
"lang": "es",
"value": "Una vulnerabilidad en las extensiones del navegador WebEx de Cisco para Google Chrome y Mozilla Firefox, podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario con los privilegios del navegador afectado sobre un sistema afectado. Esta vulnerabilidad afecta a las extensiones del navegador para WebEx Meetings Server de Cisco, WebEx Centers de Cisco (Meeting Center, Event Center, Training Center y Support Center) y WebEx Meetings de Cisco cuando son ejecutadas en Microsoft Windows. Una vulnerabilidad es debido a un defecto de dise\u00f1o en la extensi\u00f3n. Un atacante que pueda convencer a un usuario afectado para visitar una p\u00e1gina web controlada por un atacante o siga un enlace provisto por un atacante con un navegador afectado podr\u00eda atacar esta vulnerabilidad. Si tiene \u00e9xito, el atacante podr\u00eda ejecutar c\u00f3digo arbitrario con privilegios del navegador afectado. Las siguientes versiones de las extensiones del navegador de WebEx de Cisco est\u00e1n afectadas: Versiones anteriores a 1.0.12 de la extensi\u00f3n WebEx de Cisco en Google Chrome, Versiones anteriores a 1.0.12 de la extensi\u00f3n WebEx de Cisco en Mozilla Firefox. Identificaci\u00f3n de Bug Cisco: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
}
],
"id": "CVE-2017-6753",
"lastModified": "2024-11-21T03:30:27.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-25T19:29:00.397",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99614"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038909"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038910"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038911"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-30 09:29
Modified
2024-11-21 03:09
Severity ?
Summary
A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/101985 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1039919 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101985 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039919 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | t30 | |
| cisco | webex_meeting_center | t30 | |
| cisco | webex_meeting_center | t30 | |
| cisco | webex_meeting_center | t31 | |
| cisco | webex_meeting_center | t31 | |
| cisco | webex_meeting_center | t32 | |
| cisco | webex_meeting_center | t32.3 | |
| cisco | webex_meeting_center | t32.4 | |
| cisco | webex_meeting_center | t32.6 | |
| cisco | webex_meeting_center | t32.7 | |
| cisco | webex_meeting_center | t32.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30:sp7:*:*:*:*:*:*",
"matchCriteriaId": "DA104A3D-5A22-4D3B-8EE2-28BE7A5E6325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30:sp8:*:*:*:*:*:*",
"matchCriteriaId": "05BBAE9B-0492-4B37-8667-4953E8951D25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30:sp9:*:*:*:*:*:*",
"matchCriteriaId": "C0BA459F-ECD3-4C44-B9C6-46004661F6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t31:sp8:*:*:*:*:*:*",
"matchCriteriaId": "EADA51E0-90A1-441B-B494-06ABBA8D590A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t31:sp9:*:*:*:*:*:*",
"matchCriteriaId": "93331589-0F03-4AC1-86A9-39DD7EBCFF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32:*:*:*:*:*:*:*",
"matchCriteriaId": "6C2F2F01-6B6B-4F77-95C6-4200325B2174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8B8881E-69C5-454F-920D-762A0D2EA876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C12B18B6-CFDE-438F-89E9-17ED31426A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DC231A3B-FA47-4275-9051-A5CCD91A5FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D068D92A-9D26-41DF-AC1F-4880FF26FFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5A79EEB2-6702-4EE5-A888-9124ED101E65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a \"URL Redirection Vulnerability.\" The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco WebEx Meeting Center podr\u00eda permitir a un atacante remoto autenticado iniciar conexiones con hosts arbitrarios. Esta vulnerabilidad tambi\u00e9n se conoce como \"URL Redirection Vulnerability\". La vulnerabilidad se debe a un control insuficiente de acceso para el tr\u00e1fico HTTP dirigido a Cisco WebEx Meeting Center. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una URL maliciosa a Cisco WebEx Meeting Center. Esta vulnerabilidad podr\u00eda permitir que el atacante se conecte a hosts arbitrarios. Cisco Bug IDs: CSCvf63843."
}
],
"id": "CVE-2017-12297",
"lastModified": "2024-11-21T03:09:15.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-30T09:29:00.197",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101985"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039919"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-10 11:06
Modified
2024-11-21 02:07
Severity ?
Summary
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - | |
| cisco | webex_meetings_server | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE5F3F6-C7AE-4384-B58D-F0506719E35C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463."
},
{
"lang": "es",
"value": "La funcionalidad File Transfer en WebEx Meetings Client en Cisco WebEx Meetings Server y WebEx Meeting Center no verifica que un fichero solicitado fuera un fichero ofrecido, lo que permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de una solicitud modificada, tambi\u00e9n conocido como Bug IDs CSCup62442 y CSCup58463."
}
],
"id": "CVE-2014-3310",
"lastModified": "2024-11-21T02:07:50.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-10T11:06:27.880",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/68503"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1030551"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94431"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 11:59
Modified
2024-11-21 03:26
Severity ?
Summary
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:activetouch_general_plugin_container:105:*:*:*:*:firefox:*:*",
"matchCriteriaId": "7C4F4E52-9923-47E0-8990-8DB3761C724F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:download_manager:2.1.0.9:*:*:*:*:internet_explorer:*:*",
"matchCriteriaId": "8E2D077D-DB25-4D10-A4DD-7E55CD7B6050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:gpccontainer_class:*:*:*:*:*:internet_explorer:*:*",
"matchCriteriaId": "E7F1F1F5-E057-42F2-878B-CD62E4B7D4E2",
"versionEndIncluding": "10031.6.2017.0125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:*:*:*:*:*:chrome:*:*",
"matchCriteriaId": "E1B0BEA6-F4C4-4A54-AFF8-E16B4C110AED",
"versionEndIncluding": "1.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "80B9A3E8-DD9D-451B-81A4-BADA16512845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E84A595-4A33-4FA1-AF86-DFCBECAB8D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "56F6DDAE-BD36-4D8D-BC48-DD229F33125A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr4:*:*:*:*:*:*:*",
"matchCriteriaId": "2010E860-9DA9-4706-BEE7-7521BCBC5E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1C2055-272B-403A-9BF8-5FA8CFBC933D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr6:*:*:*:*:*:*:*",
"matchCriteriaId": "346A7C39-AF2E-499F-B77E-0F80787D268E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr7:*:*:*:*:*:*:*",
"matchCriteriaId": "98825256-4520-473B-AC9F-F74B9D95DD0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:*:*:*:*:*:*:*",
"matchCriteriaId": "913EC8D3-A9A3-4FC6-B2FD-87003F985F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:p1:*:*:*:*:*:*",
"matchCriteriaId": "DB03D1C7-F4BA-4B0E-814F-3C43395AC928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:*:*:*:*:*:*:*",
"matchCriteriaId": "339D371C-57FF-43AD-97DB-A8FA9ADCB796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p1:*:*:*:*:*:*",
"matchCriteriaId": "2F0B9AE4-75B8-43BC-B66B-0ABE6C21599F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p2:*:*:*:*:*:*",
"matchCriteriaId": "09EB75CC-8EBD-49D2-B986-CB83D2742A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p3:*:*:*:*:*:*",
"matchCriteriaId": "DF450A53-1F3F-415C-90C5-E43E9A37197F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4AF5A4-1B99-43F8-A659-7C57B033F2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F492431-5AE7-439F-81F1-B96EAD773E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC640D5-C840-4ABB-BD22-9B60BBFE8DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:p1:*:*:*:*:*:*",
"matchCriteriaId": "3C438DB1-1761-4C1B-A6DD-AD84853C5755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB2094F-B0E1-4129-BFD6-9FE1687B0AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr4:*:*:*:*:*:*:*",
"matchCriteriaId": "16B75EA6-516D-4550-B83D-E0EFDAA25208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:*:*:*:*:*:*:*",
"matchCriteriaId": "48A2A712-E8FD-460F-9A3C-3760082B8920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:p1:*:*:*:*:*:*",
"matchCriteriaId": "EDB5ECBA-051E-4500-9B8C-82479D45164D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:*:*:*:*:*:*:*",
"matchCriteriaId": "8F6F5080-355B-4A85-8DF4-D75D6A550C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p1:*:*:*:*:*:*",
"matchCriteriaId": "CBDFC81E-CA80-4E31-B839-A98FAB4F92A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p2:*:*:*:*:*:*",
"matchCriteriaId": "23A09CF0-9C9B-4FBF-9AEC-285002175F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p3:*:*:*:*:*:*",
"matchCriteriaId": "69BC1C33-550D-405E-860B-35F301B8B2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_base:*:*:*:*:*:*:*",
"matchCriteriaId": "21E55CCE-2B52-4865-8C63-7E6C779C20D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "9881CF16-F617-48DA-8CB8-08C3D943CCD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "8D743715-37BA-4169-9C91-3BD5E28694F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFFB01B-1B4F-4072-A68C-98C538DE34ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:p1:*:*:*:*:*:*",
"matchCriteriaId": "47B6F991-49EC-444F-8883-A57C37E8BA29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "9309C030-2F02-4E7E-B3E3-035B93DD1E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:p1:*:*:*:*:*:*",
"matchCriteriaId": "A58843EB-A2C0-4034-967F-502A52DCC351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*",
"matchCriteriaId": "30ECA8FE-D587-4692-AA90-9706E44BAC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCD22A8-7E04-4782-AEB2-07878925A2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "FF7208EC-0255-462E-B5DE-9D5617D8C20D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "396253A5-EC5F-429B-ABF3-20CB0A56E658",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_base:*:*:*:*:*:*:*",
"matchCriteriaId": "6589E647-4E17-44A9-A6C6-483C541E4095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFFA393-E70D-41C2-BB2D-147F8A6DFBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "815D810A-003F-4D8F-B368-CC28152E60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "28D63C8E-4EDE-4CAF-B7F6-9CB46AFE0664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:p1:*:*:*:*:*:*",
"matchCriteriaId": "A5F8D5F3-ED67-469D-BBCE-A7669BF85755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "85B536C7-3E9A-4862-9714-3BCA1A8C6815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:p1:*:*:*:*:*:*",
"matchCriteriaId": "56639D86-F53E-4334-A67C-D9DB2D5713E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_base:*:*:*:*:*:*:*",
"matchCriteriaId": "7288021F-83C7-49FC-9CC3-CC4B3877C412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F99CC51-B1B2-4E1A-ACA6-766EE5907139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "031E633D-2FED-4874-8D7D-4275875078FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "992973F3-E460-4AF5-B1BA-48CC61B87FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t29_base:*:*:*:*:*:*:*",
"matchCriteriaId": "D792EF72-4866-4DD9-AE59-468E49C7E31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "1515E161-06AE-4A77-BA55-B04E0ECF05B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t31_base:*:*:*:*:*:*:*",
"matchCriteriaId": "77A34A56-995C-456D-9F66-2D4510A8746A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Cisco WebEx Extension en versiones anteriores a 1.0.7 en Google Chrome, el ActiveTouch General Pluging Container en versiones anteriores a 106 en Mozilla Firefox, el plugin de control GpcContainer Class Active X en versiones anteriores a 2.1.0.10 en Internet Explorer. Una vulnerabilidad en las extensiones del navegador CiscoWebEx podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario con privilegios del navegador afectado en el sistema afectado. Esta vulnerabilidad afecta a las extensiones del navegador para Cisco WebEx Meetings Server y Cisco WebEx Centers (Meeting Center, Event Center, Training Center, y Support Center) cuando se ejecutan en Microsoft Windows. La vulnerabilidad es un defecto de dise\u00f1o del int\u00e9rprete de respuesta de una interfaz de programaci\u00f3n de aplicaciones (API) dentro de la extensi\u00f3n. Un atacante que pueda convencer al usuario afectado para visitar una p\u00e1gina web controlada por un hacker o a pulsar un enlace proporcionado por un atacante con un navegador afectado puede explotar la vulnerabilidad. Si tiene \u00e9xito, el atacante puede ejecutar c\u00f3digo arbitrario con los privilegios del navegador afectado."
}
],
"id": "CVE-2017-3823",
"lastModified": "2024-11-21T03:26:11.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T11:59:00.133",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1037680"
},
{
"source": "ykramarz@cisco.com",
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"source": "ykramarz@cisco.com",
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"source": "ykramarz@cisco.com",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"source": "ykramarz@cisco.com",
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/909240"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-30 09:29
Modified
2024-11-21 03:09
Severity ?
Summary
A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/102001 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102001 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | t29 | |
| cisco | webex_meeting_center | t30 | |
| cisco | webex_meeting_center | t31 | |
| cisco | webex_meeting_center | t32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t29:*:*:*:*:*:*:*",
"matchCriteriaId": "17BA5D45-3F53-4D9A-8D5C-6ADEC17BE474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6684FF-C2D7-440F-9FCF-9002F78A4CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t31:*:*:*:*:*:*:*",
"matchCriteriaId": "0F4B95A9-34C9-4C3D-B68C-A48E7A190EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32:*:*:*:*:*:*:*",
"matchCriteriaId": "6C2F2F01-6B6B-4F77-95C6-4200325B2174",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco WebEx Network Recording Player para archivos WebEx Recording Format (WRF) podr\u00eda permitir que un atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Un atacante podr\u00eda explotar esta vulnerabilidad proporcion\u00e1ndole a un usuario un archivo WRF malicioso mediante correo electr\u00f3nico o URL y convenci\u00e9ndolo para que abra el archivo. Un exploit con \u00e9xito podr\u00eda dar lugar a que un reproductor afectado se cierre inesperadamente, provocando una condici\u00f3n de DoS. Esta vulnerabilidad afecta a sitios de reuni\u00f3n Cisco WebEx Business Suite, Cisco WebEx Meetings y a los reproductores Cisco WebEx WRF. Cisco Bug IDs: CSCve30294, CSCve30301."
}
],
"id": "CVE-2017-12360",
"lastModified": "2024-11-21T03:09:22.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-30T09:29:01.307",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102001"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-24 10:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39467 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securityfocus.com/bid/75381 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1032705 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39467 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75381 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032705 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466."
},
{
"lang": "es",
"value": "Cisco WebEx Meeting Center permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados, tal y como fue demostrado mediante el descubrimiento de credenciales, tambi\u00e9n conocido como Bug ID CSCut17466."
}
],
"id": "CVE-2015-4212",
"lastModified": "2024-11-21T02:30:38.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-24T10:59:08.087",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39467"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75381"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-02 23:00
Modified
2024-11-21 01:18
Severity ?
Summary
Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | 27.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "451DE486-CE76-4B7A-9451-4F0BBD63C96B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en Cisco WebEx Meeting Center T27LB anteriores a SP21 EP3 y T27LC anteriores a SP22, permite a usuarios remotos asistidos por usuarios a ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero .atp manipulado y desconect\u00e1ndolo de la conferencia. NOTA: Dado que es una cuesti\u00f3n exclusiva de las especificaciones del sitio sin efecto concreto para los usuarios, podr\u00eda ser rechazada.\r\n"
}
],
"id": "CVE-2010-3270",
"lastModified": "2024-11-21T01:18:24.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:M/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.2,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-02-02T23:00:32.127",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025015"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355"
},
{
"source": "cve@mitre.org",
"url": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/516095/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46078"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516095/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0260"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-26 07:59
Modified
2024-11-21 03:26
Severity ?
Summary
A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/95642 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1037647 | ||
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95642 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037647 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | wbs28_base |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:wbs28_base:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7551C8-7EF8-448E-97B0-6DD466E788DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1."
},
{
"lang": "es",
"value": "Una vulnerabilidad en un par\u00e1metro URL de Cisco WebEx Meeting Center podr\u00eda permitir a un atacante remoto no autenticado realizar redirecci\u00f3n de sitio. M\u00e1s informaci\u00f3n: CSCzu78401. Lanzamientos afectados conocidos: T28.1."
}
],
"id": "CVE-2017-3799",
"lastModified": "2024-11-21T03:26:08.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-26T07:59:00.483",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95642"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1037647"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-14 22:55
Modified
2024-11-21 02:00
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el subsistema mobile-browser de Cisco WebEx Meeting Center permite a atacantes remotos inyectar script o HTML arbitrario a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCul36228."
}
],
"id": "CVE-2013-6962",
"lastModified": "2024-11-21T02:00:03.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-14T22:55:14.333",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/100906"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6962"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/64275"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89694"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-17 11:59
Modified
2024-11-21 02:23
Severity ?
Summary
Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165."
},
{
"lang": "es",
"value": "Cisco WebEx Meeting Center permite a atacantes remotos activar atributos de reuniones deshabilitados, y como consecuencia obtener informaci\u00f3n sensible, mediante la provisi\u00f3n de par\u00e1metros manipulados durante una acci\u00f3n meeting-join, tambi\u00e9n conocido como Bug ID CSCuo34165."
}
],
"id": "CVE-2015-0590",
"lastModified": "2024-11-21T02:23:22.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-17T11:59:05.030",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1031558"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100576"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-14 19:59
Modified
2024-11-21 02:23
Severity ?
Summary
Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281."
},
{
"lang": "es",
"value": "Cisco WebEx Meeting Center no restringe correctamente el contenido de las URLs, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores relacionados con URIs file:, tambi\u00e9n conocido como Bug ID CSCus18281."
}
],
"id": "CVE-2015-0583",
"lastModified": "2024-11-21T02:23:21.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-14T19:59:04.867",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0583"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/72012"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100565"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-23 14:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39459 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securityfocus.com/bid/75351 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1032705 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39459 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75351 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032705 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913."
},
{
"lang": "es",
"value": "Cisco WebEx Meeting Center no determina correctamente la autorizaci\u00f3n para la lectura de un calendar de anfitri\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la obtenci\u00f3n de una lista de todas las reuniones y posteriormente el el env\u00edo de una solicitud de calendar a cada una, tambi\u00e9n conocida como Bug ID CSCur23913."
}
],
"id": "CVE-2015-4209",
"lastModified": "2024-11-21T02:30:38.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-23T14:59:04.557",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39459"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75351"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032705"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-14 22:55
Modified
2024-11-21 02:00
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Collaboration Partner Access Console (CPAC) de Cisco WebEx Meeting Center permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCul36237."
}
],
"id": "CVE-2013-6961",
"lastModified": "2024-11-21T02:00:03.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-14T22:55:14.300",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/100905"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6961"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/64288"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89696"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-30 09:29
Modified
2024-11-21 03:09
Severity ?
Summary
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635,, CSCvg52440.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/101984 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1039918 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101984 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039918 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | t32.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DC231A3B-FA47-4275-9051-A5CCD91A5FDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635,, CSCvg52440."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco WebEx Meeting Center podr\u00eda permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de un sistema afectado. La vulnerabilidad se debe a una validaci\u00f3n de entradas insuficiente de algunos par\u00e1metros que se pasan al servidor web del sistema afectado. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario de que acceda a un enlace malicioso o interceptando una petici\u00f3n de usuario e inyectando c\u00f3digo malicioso en la petici\u00f3n. Un exploit con \u00e9xito podr\u00eda permitir que el atacante ejecute c\u00f3digo script arbitrario en el contexto de la interfaz web afectada o que acceda a informaci\u00f3n sensible del navegador. Cisco Bug IDs: CSCvf78635, CSCvg52440."
}
],
"id": "CVE-2017-12366",
"lastModified": "2024-11-21T03:09:23.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-30T09:29:01.527",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101984"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039918"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-21 01:04
Modified
2024-11-21 02:02
Severity ?
Summary
WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D89AB9C-3475-4BC9-B3B1-6F13D07BA290",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser\u0027s history, aka Bug ID CSCul98272."
},
{
"lang": "es",
"value": "WebEx Meeting Center en Cisco WebEx Business Suite no compone debidamente URLs para solicitudes HTTP GET, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura de (1) registros de acceso del servidor web, (2) registros Referer del servidor web o (3) un historial del navegador, tambi\u00e9n conocido como Bug ID CSCul98272."
}
],
"id": "CVE-2014-0708",
"lastModified": "2024-11-21T02:02:40.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-21T01:04:02.903",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0708"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-30 09:29
Modified
2024-11-21 03:09
Severity ?
Summary
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meeting_center | t29 | |
| cisco | webex_meeting_center | t30 | |
| cisco | webex_meeting_center | t31 | |
| cisco | webex_meeting_center | t32 | |
| cisco | webex_meetings_server | 2.6.0 | |
| cisco | webex_meetings_server | 2.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t29:*:*:*:*:*:*:*",
"matchCriteriaId": "17BA5D45-3F53-4D9A-8D5C-6ADEC17BE474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6684FF-C2D7-440F-9FCF-9002F78A4CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t31:*:*:*:*:*:*:*",
"matchCriteriaId": "0F4B95A9-34C9-4C3D-B68C-A48E7A190EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32:*:*:*:*:*:*:*",
"matchCriteriaId": "6C2F2F01-6B6B-4F77-95C6-4200325B2174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8745FD6-B0B3-46A9-9254-7B13877D7080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34C96C95-6BBA-4D4D-96E1-3102029905D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en Cisco WebEx Network Recording Player para archivos Advanced Recording Format (.arf) podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario en un sistema. Un atacante podr\u00eda explotar esta vulnerabilidad proporcion\u00e1ndole a un usuario un archivo .arf malicioso mediante correo electr\u00f3nico o URL y convenci\u00e9ndolo para que ejecute el archivo. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario en el sistema del usuario objetivo. Esta vulnerabilidad afecta a sitios de reuni\u00f3n Cisco WebEx Business Suite, Cisco WebEx Meetings, Cisco WebEx Meetings Server y a los reproductores Cisco WebEx ARF. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543."
}
],
"id": "CVE-2017-12359",
"lastModified": "2024-11-21T03:09:22.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-30T09:29:01.277",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/102186"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/102186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}