Vulnslist

find the latest Cisco vulnerabilities

Cisco WebEx Training Center Training Session Number Disclosure Vulnerability

Cisco-SA-20131213-CVE-2013-6972 · Medium · Published · Updated

A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to view the session number for trainings that require host approval before the host approves the attacker as an attendee. The vulnerability is due to inappropriate disclosure of sensitive information in server replies to clients. An attacker could exploit this vulnerability by viewing the source for the vulnerable pages. An attacker with a valid session number can use that number to join the audio portion of a conference even if the host has not approved the attacker as an attendee. The attacker would still require approval to join the web conference. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-6972
Cisco Bug IDsCSCul57126
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C
Product Names From Source
Cisco WebEx Training Center

Related Products

Product CVE Evidence
Cisco WebEx Training Center CVE-2013-6972 Cisco OpenVuln