Skip to main content

Webex Meeting Center CVE-2014-3310

MEDIUM
Improper Input Validation (CWE-20)
2014-07-10 psirt@cisco.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 10, 2014 - 11:06 cve.org
MEDIUM 4.3

DescriptionCVE.org

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

AnalysisAI

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. Affected products include: Cisco Webex Meeting Center, Cisco Webex Meetings Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-3823 HIGH POC
8.8 Feb 01

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta

CVE-2017-6753 HIGH
8.8 Jul 25

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated,

CVE-2015-6360 HIGH
7.5 Apr 21

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via

CVE-2015-4208 HIGH
7.5 Jun 24

Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers

CVE-2016-1410 HIGH
7.5 May 28

Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username

CVE-2017-12359 MEDIUM
6.5 Nov 30

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could

CVE-2015-4209 MEDIUM
6.4 Jun 23

Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote at

CVE-2017-12366 MEDIUM
6.1 Nov 30

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site sc

CVE-2017-12298 MEDIUM
6.1 Oct 19

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site sc

CVE-2014-3311 MEDIUM
5.1 Jul 10

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx

CVE-2017-12286 MEDIUM
5.5 Oct 19

A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profi

CVE-2017-3799 MEDIUM
5.4 Jan 26

A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perf

Share

CVE-2014-3310 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy