CiscoCISCO-SA-20140710-CVE-2014-3310Cisco WebEx Meetings Client Arbitrary File Download Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
70.6%
A vulnerability in the File Transfer functionality of the Cisco WebEx Meetings client could allow an
unauthenticated, remote attacker to access arbitrary files on another
user’s computer also running the Cisco WebEx Meetings client.
The vulnerability exists because the affected software does not properly verify that the file offered by a sending client is the same as the file requested by the receiving client. An attacker could exploit
this vulnerability by using a modified Cisco WebEx Meetings client.
Cisco has confirmed the vulnerability in a security notice and released software updates.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | webex_meeting_center | any | cpe:2.3:a:cisco:webex_meeting_center:any:*:*:*:*:*:*:* |
| cisco | webex_meetings_server | any | cpe:2.3:a:cisco:webex_meetings_server:any:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
70.6%