CVE-2013-3425Sensitive Information Exposure in Cisco Webex

CWE-264CWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.2%
top 59.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Webex
Timeline
PublishedJul 31
Latest updateMay 17

Description

The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDcisco/webex11.0

🔴Vulnerability Details

2
GHSA
GHSA-5w5x-ffjj-2495: The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists,2022-05-17
CVEList
CVE-2013-3425: The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists,2013-07-31

📋Vendor Advisories

1
Cisco
Cisco WebEx Error Message Information Disclosure Vulnerability2013-08-02
CVE-2013-3425 — Sensitive Information Exposure in Cisco | cvebase