Details of VAR-201304-0274

ID

VAR-201304-0274

CVE

CVE-2013-1169

TITLE

Cisco Unified MeetingPlace Web Conferencing Server Vulnerabilities impersonating users

Trust: 0.8

sources: JVNDB: JVNDB-2013-002224

DESCRIPTION

Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID CSCuc64846. Vendors have confirmed this vulnerability Bug ID CSCuc64846 It is released as.Skillfully crafted by a third party login It is possible to impersonate a user via a request. Cisco Unified MeetingPlace is prone to an arbitrary login security vulnerability. A remote attacker can exploit this issue to impersonate a legitimate user and send arbitrary commands to the affected system. This issue is being tracked by Cisco Bug ID CSCuc64846. Cisco Unified MeetingPlace is a set of multimedia conferencing solutions of Cisco (Cisco). This solution provides a user environment that integrates voice, video and Web conferencing. The vulnerability comes from the fact that the program does not verify the COOKIE correctly when the Remember Me option is enabled

Trust: 1.98

sources: NVD: CVE-2013-1169 // JVNDB: JVNDB-2013-002224 // BID: 59014 // VULHUB: VHN-61171

AFFECTED PRODUCTS

vendor:	cisco	model:	unified meetingplace web conferencing server	scope:	eq	version:	8.5	Trust: 1.6
vendor:	cisco	model:	unified meetingplace web conferencing server	scope:	eq	version:	8.0	Trust: 1.6
vendor:	cisco	model:	unified meetingplace web conferencing server	scope:	eq	version:	7.1	Trust: 1.6
vendor:	cisco	model:	unified meetingplace web conferencing server	scope:	lt	version:	8.0	Trust: 0.8
vendor:	cisco	model:	unified meetingplace web conferencing server	scope:	eq	version:	8.0mr1 patch 2	Trust: 0.8
vendor:	cisco	model:	unified meetingplace web conferencing server	scope:	lt	version:	8.5	Trust: 0.8
vendor:	cisco	model:	unified meetingplace web conferencing server	scope:	eq	version:	8.5mr3 patch 1	Trust: 0.8
vendor:	cisco	model:	unified meetingplace web conferencing server	scope:	eq	version:	7.1mr1 patch 2	Trust: 0.8
vendor:	cisco	model:	unified meetingplace web conferencing server	scope:	lt	version:	7.x	Trust: 0.8

sources: JVNDB: JVNDB-2013-002224 // CNNVD: CNNVD-201304-188 // NVD: CVE-2013-1169

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1169
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1169
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201304-188
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-61171
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1169
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61171
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61171 // JVNDB: JVNDB-2013-002224 // CNNVD: CNNVD-201304-188 // NVD: CVE-2013-1169

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-61171 // JVNDB: JVNDB-2013-002224 // NVD: CVE-2013-1169

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-188

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201304-188

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002224

PATCH

title:	cisco-sa-20130410-mp	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp	Trust: 0.8
title:	28813	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=28813	Trust: 0.8
title:	cisco-sa-20130410-mp	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117742_cisco-sa-20130410-mp-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-002224

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1169	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-002224	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-188	Trust: 0.7
db:	SECUNIA	id:	53014	Trust: 0.6
db:	CISCO	id:	20130410 MULTIPLE VULNERABILITIES IN CISCO UNIFIED MEETINGPLACE SOLUTION	Trust: 0.6
db:	BID	id:	59014	Trust: 0.4
db:	VULHUB	id:	VHN-61171	Trust: 0.1

sources: VULHUB: VHN-61171 // BID: 59014 // JVNDB: JVNDB-2013-002224 // CNNVD: CNNVD-201304-188 // NVD: CVE-2013-1169

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130410-mp	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1169	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1169	Trust: 0.8
url:	http://secunia.com/advisories/53014	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html	Trust: 0.3

sources: VULHUB: VHN-61171 // BID: 59014 // JVNDB: JVNDB-2013-002224 // CNNVD: CNNVD-201304-188 // NVD: CVE-2013-1169

CREDITS

Cisco

Trust: 0.3

sources: BID: 59014

SOURCES

db:	VULHUB	id:	VHN-61171
db:	BID	id:	59014
db:	JVNDB	id:	JVNDB-2013-002224
db:	CNNVD	id:	CNNVD-201304-188
db:	NVD	id:	CVE-2013-1169

LAST UPDATE DATE

2025-04-11T22:59:11.595000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61171	date:	2013-04-15T00:00:00
db:	BID	id:	59014	date:	2013-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002224	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-188	date:	2013-04-12T00:00:00
db:	NVD	id:	CVE-2013-1169	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61171	date:	2013-04-11T00:00:00
db:	BID	id:	59014	date:	2013-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002224	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-188	date:	2013-04-12T00:00:00
db:	NVD	id:	CVE-2013-1169	date:	2013-04-11T10:55:02.037