CVE-2013-6965

The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=32157	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965	Vendor Advisory
http://www.securitytracker.com/id/1029492	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/64281
http://osvdb.org/100911
https://exchange.xforce.ibmcloud.com/vulnerabilities/89691

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*

Information

Published : 2013-12-14 14:55

Updated : 2017-11-28 18:29

NVD link : CVE-2013-6965

Mitre link : CVE-2013-6965

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

cisco

webex_training_center

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157", "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965", "name": "20131212 Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securitytracker.com/id/1029492", "name": "1029492", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/64281", "name": "64281", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/100911", "name": "100911", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89691", "name": "cisco-webex-cve20136965-info-disc(89691)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-6965", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-12-14T22:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-11-29T02:29Z"}