Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerability

Cisco-SA-20131213-CVE-2013-6965 · Medium · Published · Updated

A vulnerability in the training center registration page of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to attend the audio conference for a training session without confirming an email address. The vulnerability is due to the disclosure of the training session information URL before registration is complete. An attacker could exploit this vulnerability by gathering the training session access code and password from the disclosed URL and using the information to join the audio conference for a training session without receiving the registration email.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker would likely need access to the training session URL before an exploit attempt. In a typical enterprise environment, the training session URL would originate from a device located on a trusted, internal network, reducing the possibility of a successful attack. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEs: CVE-2013-6965
Cisco Bug IDs: CSCul36183
CVSS Score: Base 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C)
Product Names From Source
Cisco WebEx Training Center

Related Products

Product: Cisco WebEx Training Center
CVE: CVE-2013-6965
Evidence: Cisco OpenVuln