Cisco-SA-20131213-CVE-2013-6971

Cisco WebEx Training Center Open Redirect Vulnerability

Cisco-SA-20131213-CVE-2013-6971 · Medium · Published 12 years ago · Updated 12 years ago

A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to cause the Cisco WebEx Training Center to issue a redirect to an arbitrary attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Training Center. An attacker could exploit this vulnerability by convincing a user to click a crafted URL that would cause Cisco WebEx Training Center to redirect the user to an attacker-specified website. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Users are advised not to visit websites or follow links that have suspicious characteristics or cannot be verified as safe.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEs	CVE-2013-6971
Cisco Bug IDs	CSCul57140
CVSS Score	Base 4.3 Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:U/RC:C
Product Names From Source	Cisco WebEx Training Center

Related Products

Product	CVE	Evidence
Cisco WebEx Training Center	CVE-2013-6971	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco WebEx Training Center Open Redirect Vulnerability

Workarounds

Related Products