CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
69.0%
A vulnerability in the training center registration page of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to attend the audio conference for a training session without having to confirm the email address.
The vulnerability is due to the disclosure of the training session information URL before registration is complete. An attacker could exploit this vulnerability by gathering the training session access code and password from the disclosed URL and using the information to join the audio conference for a training session without receiving the registration email.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, it is likely that an attacker would need access to the training session URL prior to an exploit attempt. In a typical enterprise environment, the training session URL would originate from a device located on a trusted, internal network, reducing the possibility of a successful attack.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | webex_training_center | any | cpe:2.3:a:cisco:webex_training_center:any:*:*:*:*:*:*:* |