Lucene search

CiscoCVE-2015-0596

HistoryFeb 02, 2015 - 1:59 a.m.

CVE-2015-0596

2015-02-0201:59:07

CWE-352

cisco

web.nvd.nist.gov

cve-2015-0596

csrf

vulnerability

cisco webex

meetings server

remote attackers

authentication

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.004

Percentile

73.1%

JSON

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163.

Affected configurations

Nvd

Node

ciscowebex_meetings_serverRange≤1.5\(.1.131\)

VendorProductVersionCPE
ciscowebex_meetings_server*cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_meetings_server	*	cpe:2.3:a:cisco:webex_meetings_server::::::::

References

secunia.com/advisories/61797

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0596

tools.cisco.com/security/center/viewAlert.x?alertId=37239

www.securityfocus.com/bid/72371

www.securitytracker.com/id/1031677

exchange.xforce.ibmcloud.com/vulnerabilities/100665

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.004

Percentile

73.1%

JSON

Related for CVE-2015-0596