Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Webex Training Center Session Password and Access Code Disclosure Vulnerability

Cisco-SA-20131213-CVE-2013-6709 · Medium · Published · Updated

A vulnerability in the registration pages of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to obtain the password and access code for a paid training without paying or registering for the training. The vulnerability is due to disclosure of the training session information URL before the registration and payment are complete. An attacker could exploit this vulnerability by gathering the training session access code and password from the disclosed URL and use the information to join the audio conference. This vulnerability will not allow an attacker to join the web conference, only the audio conference. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-6709
Cisco Bug IDsCSCul57111
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C
Product Names From Source
Cisco WebEx Training Center

Related Products

Product CVE Evidence
Cisco WebEx Training Center CVE-2013-6709 Cisco OpenVuln