Vulnerability CVE-2014-3305

Vulnerability Name:

CVE-2014-3305 (CCN-94894)

Assigned:

2014-07-25

Published:

2014-07-25

Updated:

2017-08-29

Summary:

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-352

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2014-3305

Source: CCN
Type: Cisco Security Notice
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

Source: CISCO
Type: Vendor Advisory
20140725 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

Source: CONFIRM
Type: Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=35051

Source: BID
Type: Third Party Advisory, VDB Entry
68903

Source: CCN
Type: BID-68903
Cisco WebEx Meetings Server CVE-2014-3305 Cross Site Request Forgery Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1030644

Source: XF
Type: UNKNOWN
cisco-webex-cve20143305-csrf(94894)

Source: XF
Type: UNKNOWN
cisco-webex-cve20143305-csrf(94894)

Vulnerable Configuration:

Configuration 1:

cpe:/a:cisco:webex_meetings_server:1.5:*:*:*:*:*:*:*

OR cpe:/a:cisco:webex_meetings_server:1.5(.1.6):*:*:*:*:*:*:*

OR cpe:/a:cisco:webex_meetings_server:*:*:*:*:*:*:*:* (Version <= 1.5(.1.131))

Configuration CCN 1:

cpe:/a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK