Vulnerability CVE-2014-0691

Vulnerability Name:

CVE-2014-0691 (CCN-134097)

Assigned:

2014-01-02

Published:

2014-01-02

Updated:

2017-11-14

Summary:

Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.

CVSS v3 Severity:

7.3 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-331

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2014-0691

Source: XF
Type: UNKNOWN
cisco-cve20140691-sec-bypass(134097)

Source: CCN
Type: Cisco Web site
Release Notes for Cisco WebEx Meetings Server Release 1.1

Source: CONFIRM
Type: Release Notes, Vendor Advisory
https://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/1_1/b_Release_Notes.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:cisco:webex_meetings_server:*:*:*:*:*:*:*:* (Version <= 1.0)

Configuration CCN 1:

cpe:/a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20140691	V	CVE-2014-0691	2022-09-02
oval:org.opensuse.security:def:124107	P	kernel-default-4.12.14-94.41.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:123709	P	kernel-default-4.12.14-94.41.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:1	P	Mesa-20.2.4-57.13 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:103	P	libXdmcp-devel-1.1.2-1.23 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:112505	P	kernel-debug-4.8.13-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105998	P	kernel-debug-4.8.13-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:47300	P	kernel-default-4.4.73-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:87697	P	kernel-default-4.12.14-94.41.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13859	P	kernel-default-4.4.21-69.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47656	P	kernel-default-4.12.14-94.41.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14180	P	kernel-default-4.4.73-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:80389	P	kernel-default-4.4.21-69.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46979	P	kernel-default-4.4.21-69.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14536	P	kernel-default-4.12.14-94.41.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:83606	P	kernel-default-4.4.73-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:1768	P	Security update for bluez (Moderate)	2021-07-12
oval:org.opensuse.security:def:15970	P	kernel-docs-4.4.21-69.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48915	P	kernel-default-extra-4.12.14-94.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:13569	P	kernel-default-3.12.49-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11843	P	kernel-default-4.4.21-69.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:77790	P	kernel-default-4.12.14-94.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:1979	P	reiserfs-kmp-default-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17059	P	kernel-default-extra-3.12.49-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:63103	P	kernel-default-livepatch-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15333	P	kernel-default-4.4.21-69.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48728	P	kernel-default-extra-3.12.49-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12778	P	cluster-md-kmp-default-4.4.73-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46447	P	kernel-default-3.12.28-4.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36428	P	kernel-docs-3.0.101-63.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76862	P	kernel-default-3.12.49-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16203	P	kernel-docs-4.4.73-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61192	P	kernel-default-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12155	P	kernel-default-4.4.73-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70933	P	kernel-default-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2014	P	kernel-default-livepatch-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124467	P	kernel-docs-4.12.14-94.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17112	P	kernel-default-extra-4.4.21-69.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:63543	P	kernel-default-extra-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15587	P	kernel-docs-3.12.28-4.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48781	P	kernel-default-extra-4.4.21-69.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12788	P	cluster-md-kmp-default-4.12.14-94.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46689	P	kernel-default-3.12.49-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11328	P	kernel-default-3.12.28-4.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:77139	P	kernel-default-4.4.21-69.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16461	P	kernel-docs-4.12.14-94.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:62857	P	kernel-docs-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48453	P	kernel-default-4.4.21-69.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12494	P	kernel-default-4.12.14-94.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:72576	P	kernel-docs-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2454	P	kernel-default-extra-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124707	P	kernel-default-extra-4.12.14-94.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17176	P	kernel-default-extra-4.4.73-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15766	P	kernel-docs-3.12.49-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48845	P	kernel-default-extra-4.4.73-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:13327	P	kernel-default-3.12.28-4.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11566	P	kernel-default-3.12.49-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:77451	P	kernel-default-4.4.73-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:123983	P	cluster-md-kmp-default-4.12.14-94.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17009	P	kernel-default-extra-3.12.28-4.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:63068	P	reiserfs-kmp-default-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48678	P	kernel-default-extra-3.12.28-4.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12768	P	cluster-md-kmp-default-4.4.21-69.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42571	P	kernel-default-3.0.101-63.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36164	P	kernel-default-3.0.101-63.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76624	P	kernel-default-3.12.28-4.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17246	P	kernel-default-extra-4.12.14-94.41.1 on GA media (Moderate)	2021-06-08

BACK