CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
4.1 | $0-$5k | 0.00 |
A vulnerability was found in Cisco WebEx Social (Unified Communication Software) (the affected version is unknown). It has been rated as critical. This issue affects an unknown code of the component Input Field Handler. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. Impacted is integrity. The summary by CVE is:
The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190.
The weakness was shared 05/14/2013 as WebEx Social Client-Side Restriction Bypass Attribute Change Vulnerability as confirmed advisory (Website). The advisory is shared at tools.cisco.com. The vendor cooperated in the coordination of the public release. The identification of this vulnerability is CVE-2013-1245 since 01/11/2013. The exploitation is known to be easy. The attack may be initiated remotely. A simple authentication is needed for exploitation. Neither technical details nor an exploit are publicly available. The advisory points out:
A vulnerability in the user management page of WebEx Social could allow an authenticated, remote attacker to inject arbitrary values into the Screen Name, Email Address, First Name, Middle Name, Last Name, and Job Title fields. The vulnerability is due to insufficient server-side validation of user-supplied information. An attacker could exploit this vulnerability by bypassing client-side protections to insert arbitrary values into the vulnerable fields.
Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The entries 12153 and 12150 are related to this item.
Product
Type
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 4.1
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
01/11/2013 🔍05/14/2013 🔍
05/14/2013 🔍
05/15/2013 🔍
02/04/2014 🔍
03/29/2019 🔍
Sources
Vendor: cisco.comAdvisory: WebEx Social Client-Side Restriction Bypass Attribute Change Vulnerability
Status: Confirmed
Coordinated: 🔍
CVE: CVE-2013-1245 (🔍)
OSVDB: 93392
See also: 🔍
Entry
Created: 02/04/2014 14:38Updated: 03/29/2019 15:28
Changes: 02/04/2014 14:38 (45), 03/29/2019 15:28 (11)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.