
Cisco WebEx Meetings Client Arbitrary File Download Vulnerability

Cisco-SA-20140710-CVE-2014-3310 · Medium · Published · Updated

A vulnerability in the File Transfer functionality of the Cisco WebEx Meetings client could allow an unauthenticated, remote attacker to access arbitrary files on another user's computer also running the Cisco WebEx Meetings client. The vulnerability exists because the affected software does not properly verify that the file offered by a sending client is the same as the file requested by the receiving client. An attacker could exploit this vulnerability by using a modified Cisco WebEx Meetings client. Cisco has confirmed the vulnerability in a security notice and released software updates. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to disable the File Transfer feature on the Cisco WebEx Meetings Server setup if this feature is not needed.

Administrators are advised to monitor affected systems.

CVEs: CVE-2014-3310
Cisco Bug IDs: CSCup58463, CSCup62442
CVSS Score: Base 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C)
Product Names From Source: Cisco WebEx Meeting Center, Cisco WebEx Meetings Server

Related Products

| Product | CVE | Evidence |
|---|---|---|
| Cisco Webex Meetings | CVE-2014-3310 | Cisco OpenVuln |
| Cisco WebEx Meetings Server | CVE-2014-3310 | Cisco OpenVuln |
| Cisco WebEx Meeting Center | CVE-2014-3310 | Cisco OpenVuln |