CVE-2014-8034 — Sensitive Information Exposure in Cisco Webex Meetings Server

CWE-255 CWE-200 — Sensitive Information Exposure CWE-416 — Use After Free5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 42.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Server

Timeline

PublishedJan 15

Latest updateMay 17

Description

Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/webex_meetings_server1.5

🔴Vulnerability Details

GHSA

GHSA-27fc-vfp8-wfj8: Cisco WebEx Meetings Server 1↗2022-05-17

▶

CVEList

CVE-2014-8034: Cisco WebEx Meetings Server 1↗2015-01-15

▶

📋Vendor Advisories

Cisco

Cisco WebEx Meetings Server User Enumeration Vulnerability↗2015-01-14

▶