Vulnerability Details : CVE-2013-6709
The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.
Vulnerability category: Information leak
Products affected by CVE-2013-6709
- cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6709
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6709
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2013-6709
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6709
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6709
Cisco Webex Training Center Session Password and Access Code Disclosure VulnerabilityVendor Advisory
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=32153
Cisco Webex Training Center Session Password and Access Code Disclosure VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1029492
Cisco WebEx Training Center Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks and Obtain Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
Jump to