Vulnerability Details : CVE-2009-0614

Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.

Vulnerability category: BypassGain privilege

Published 2009-02-26 16:17:20

Updated 2018-11-08 20:21:06

Source Cisco Systems, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-0614

Probability of exploitation activity in the next 30 days: 0.39%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-0614

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.0	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:C	10.0	8.5	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Complete

CWE ids for CVE-2009-0614

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: [email protected] (Primary)

References for CVE-2009-0614

https://exchange.xforce.ibmcloud.com/vulnerabilities/48888

VDB Entry
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml

Vendor Advisory
http://www.securityfocus.com/bid/33901

Third Party Advisory;VDB Entry

Products affected by CVE-2009-0614

Cisco » Unified Meetingplace Web Conferencing
Versions from including (>=) 6.0\(171\) and before (<) 6.0\(517.0\)
cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:*:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Meetingplace Web Conferencing
Versions from including (>=) 7.0\(1\) and before (<) 7.0\(2\)
cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:*:*:*:*:*:*:*:*
Matching versions