CVE-2014-3395Improper Input Validation in Cisco Webex Meetings Server

CWE-20Improper Input ValidationCWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 55.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Webex Meetings Server
Timeline
PublishedSep 30
Latest updateMay 17

Description

Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-wvvr-qwjx-m9v3: Cisco WebEx Meetings Server (WMS) 22022-05-17
CVEList
CVE-2014-3395: Cisco WebEx Meetings Server (WMS) 22014-09-30

📋Vendor Advisories

1
Cisco
Cisco WebEx Meetings Server Arbitrary Download Vulnerability2014-09-30
CVE-2014-3395 — Improper Input Validation in Cisco | cvebase