Sign-up

ID

VAR-201506-0295


CVE

CVE-2015-4207


TITLE

Cisco WebEx Meeting Center Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-003249

DESCRIPTION

Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147. Cisco WebEx Meeting Center is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCus62147. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2015-4207 // JVNDB: JVNDB-2015-003249 // BID: 75350 // VULHUB: VHN-82168

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: BID: 75350 // JVNDB: JVNDB-2015-003249 // CNNVD: CNNVD-201506-406 // NVD: CVE-2015-4207

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4207
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4207
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-406
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82168
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4207
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82168
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82168 // JVNDB: JVNDB-2015-003249 // CNNVD: CNNVD-201506-406 // NVD: CVE-2015-4207

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-82168 // JVNDB: JVNDB-2015-003249 // NVD: CVE-2015-4207

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-406

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-406

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003249

PATCH
title:39457url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39457
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003249

EXTERNAL IDS
db:NVDid:CVE-2015-4207
Trust: 2.8
db:BIDid:75350
Trust: 1.4
db:SECTRACKid:1032705
Trust: 1.1
db:JVNDBid:JVNDB-2015-003249
Trust: 0.8
db:CNNVDid:CNNVD-201506-406
Trust: 0.7
db:VULHUBid:VHN-82168
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82168 // 
            
            
            
            BID: 75350 // 
            
            
            
            JVNDB: JVNDB-2015-003249 // 
            
            
            
            CNNVD: CNNVD-201506-406 // 
            
            
            
            NVD: CVE-2015-4207

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39457
Trust: 2.0
url:http://www.securityfocus.com/bid/75350
Trust: 1.1
url:http://www.securitytracker.com/id/1032705
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4207
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4207
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://meetmenow.webex.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82168 // 
            
            
            
            BID: 75350 // 
            
            
            
            JVNDB: JVNDB-2015-003249 // 
            
            
            
            CNNVD: CNNVD-201506-406 // 
            
            
            
            NVD: CVE-2015-4207

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75350

SOURCES
db:VULHUBid:VHN-82168
db:BIDid:75350
db:JVNDBid:JVNDB-2015-003249
db:CNNVDid:CNNVD-201506-406
db:NVDid:CVE-2015-4207

LAST UPDATE DATE
2025-04-13T23:14:32.179000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82168date:2016-12-28T00:00:00
db:BIDid:75350date:2015-06-22T00:00:00
db:JVNDBid:JVNDB-2015-003249date:2015-06-24T00:00:00
db:CNNVDid:CNNVD-201506-406date:2015-06-24T00:00:00
db:NVDid:CVE-2015-4207date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-82168date:2015-06-23T00:00:00
db:BIDid:75350date:2015-06-22T00:00:00
db:JVNDBid:JVNDB-2015-003249date:2015-06-24T00:00:00
db:CNNVDid:CNNVD-201506-406date:2015-06-24T00:00:00
db:NVDid:CVE-2015-4207date:2015-06-23T14:59:03.633