Skip to main content

Webex Meetings Server CVE-2015-0597

MEDIUM
Improper Input Validation (CWE-20)
2015-02-02 psirt@cisco.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 02, 2015 - 01:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159.

AnalysisAI

The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159. Affected products include: Cisco Webex Meetings Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-3823 HIGH POC
8.8 Feb 01

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta

CVE-2017-6753 HIGH
8.8 Jul 25

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated,

CVE-2017-12372 CRITICAL
9.6 Nov 30

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Pla

CVE-2017-12368 CRITICAL
9.6 Nov 30

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Pla

CVE-2017-12367 CRITICAL
9.6 Nov 30

A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player

CVE-2020-3361 CRITICAL
9.8 Jun 18

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker

CVE-2018-0104 CRITICAL
9.6 Jan 04

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote a

CVE-2015-0589 CRITICAL
9.0 Feb 07

The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to exe

CVE-2020-3419 CRITICAL
9.1 Nov 18

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker

CVE-2018-0112 CRITICAL
9.0 Apr 19

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow

CVE-2016-1446 HIGH
8.8 Jul 15

SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQ

CVE-2017-12293 HIGH
8.6 Oct 19

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of serv

Share

CVE-2015-0597 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy