CVE-2013-1205

Published Jun 6, 2013

Last updated 11 years ago

Overview

Description: The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485.
Source: ykramarz@cisco.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-287

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FE5F3F6-C7AE-4384-B58D-F0506719E35C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References