Vulnslist

find the latest Cisco vulnerabilities

Cisco WebEx Meetings Server User Enumeration Vulnerability

Cisco-SA-20150114-CVE-2014-8034 · Medium · Published · Updated

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to guess valid user accounts on the targeted system. The vulnerability exists because the affected software fails to refresh the CAPTCHA on the login page. An attacker could exploit this vulnerability by conducting unlimited user account guessing attempts against an affected server. A successful exploit may allow an attacker to discover valid user accounts on the server. Cisco has confirmed the vulnerability and released updated software. To exploit the vulnerability, the attacker may need to have access to trusted or internal networks to conduct brute-force attacks against the targeted system. This access requirement could limit the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2014-8034
Cisco Bug IDsCSCuj40321
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco WebEx Meetings Server

Related Products

Product CVE Evidence
Cisco Webex Meetings CVE-2014-8034 Cisco OpenVuln
Cisco WebEx Meetings Server CVE-2014-8034 Cisco OpenVuln