ID

VAR-201607-0429


CVE

CVE-2016-1448


TITLE

Cisco WebEx Meetings Server vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2016-003780

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuy92706. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conferencing solutions, including audio, video and Web conferencing, within Cisco's WebEx conference solution.

Trust: 1.98

sources: NVD: CVE-2016-1448 // JVNDB: JVNDB-2016-003780 // BID: 91799 // VULHUB: VHN-90267

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings server, scope: eq, version: 2.7.1

Trust: 1.6

vendor: cisco, model: webex meetings server, scope: eq, version: 2.7_base

Trust: 1.6

vendor: cisco, model: webex meetings server, scope: eq, version: 2.7

Trust: 1.1

sources: BID: 91799 // JVNDB: JVNDB-2016-003780 // NVD: CVE-2016-1448 // CNNVD: CNNVD-201607-437

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-1448
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201607-437
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90267
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2016-1448
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-90267
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2016-1448
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-90267 // JVNDB: JVNDB-2016-003780 // NVD: CVE-2016-1448 // CNNVD: CNNVD-201607-437

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-90267 // JVNDB: JVNDB-2016-003780 // NVD: CVE-2016-1448

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-437

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201607-437

CONFIGURATIONS

sources: NVD: CVE-2016-1448

PATCH

title: cisco-sa-20160714-wms2, url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160714-wms2

Trust: 0.8

title: Cisco WebEx Meetings Server Fixes for cross-site request forgery vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62979

Trust: 0.6

sources: JVNDB: JVNDB-2016-003780 // CNNVD: CNNVD-201607-437

EXTERNAL IDS

db: NVD, id: CVE-2016-1448

Trust: 2.8

db: BID, id: 91799

Trust: 1.4

db: SECTRACK, id: 1036320

Trust: 1.1

db: JVNDB, id: JVNDB-2016-003780

Trust: 0.8

db: CNNVD, id: CNNVD-201607-437

Trust: 0.7

db: VULHUB, id: VHN-90267

Trust: 0.1

sources: VULHUB: VHN-90267 // BID: 91799 // JVNDB: JVNDB-2016-003780 // NVD: CVE-2016-1448 // CNNVD: CNNVD-201607-437

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160714-wms2

Trust: 2.0

url: http://www.securityfocus.com/bid/91799

Trust: 1.1

url: http://www.securitytracker.com/id/1036320

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1448

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1448

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90267 // BID: 91799 // JVNDB: JVNDB-2016-003780 // NVD: CVE-2016-1448 // CNNVD: CNNVD-201607-437

CREDITS

Cisco

Trust: 0.3

sources: BID: 91799

SOURCES

db: VULHUB, id: VHN-90267
db: BID, id: 91799
db: JVNDB, id: JVNDB-2016-003780
db: NVD, id: CVE-2016-1448
db: CNNVD, id: CNNVD-201607-437

LAST UPDATE DATE

2023-12-18T13:09:02.929000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90267, date: 2017-09-01T00:00:00
db: BID, id: 91799, date: 2016-07-14T00:00:00
db: JVNDB, id: JVNDB-2016-003780, date: 2016-07-21T00:00:00
db: NVD, id: CVE-2016-1448, date: 2017-09-01T01:29:03.913
db: CNNVD, id: CNNVD-201607-437, date: 2016-07-18T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90267, date: 2016-07-17T00:00:00
db: BID, id: 91799, date: 2016-07-14T00:00:00
db: JVNDB, id: JVNDB-2016-003780, date: 2016-07-21T00:00:00
db: NVD, id: CVE-2016-1448, date: 2016-07-17T22:59:02.193
db: CNNVD, id: CNNVD-201607-437, date: 2016-07-18T00:00:00