Skip to main content

Webex Meeting Center CVE-2016-1410

HIGH
Information Exposure (CWE-200)
2016-05-28 psirt@cisco.com
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 28, 2016 - 01:59 cve.org
HIGH 7.5

DescriptionCVE.org

Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.

AnalysisAI

Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. Affected products include: Cisco Webex Meeting Center.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2017-3823 HIGH POC
8.8 Feb 01

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta

CVE-2017-6753 HIGH
8.8 Jul 25

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated,

CVE-2015-6360 HIGH
7.5 Apr 21

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via

CVE-2015-4208 HIGH
7.5 Jun 24

Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers

CVE-2017-12359 MEDIUM
6.5 Nov 30

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could

CVE-2015-4209 MEDIUM
6.4 Jun 23

Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote at

CVE-2017-12366 MEDIUM
6.1 Nov 30

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site sc

CVE-2017-12298 MEDIUM
6.1 Oct 19

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site sc

CVE-2014-3311 MEDIUM
5.1 Jul 10

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx

CVE-2017-12286 MEDIUM
5.5 Oct 19

A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profi

CVE-2017-3799 MEDIUM
5.4 Jan 26

A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perf

CVE-2019-15987 MEDIUM
5.3 Nov 26

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center

Share

CVE-2016-1410 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy