CVE-2009-0614

Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:C

Exploitability : 10.0 / Impact : 8.5

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml	Vendor Advisory
http://www.securityfocus.com/bid/33901	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/48888	VDB Entry
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml	Vendor Advisory
http://www.securityfocus.com/bid/33901	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/48888	VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_meetingplace_web_conferencing::::::::
	cpe:2.3:a:cisco:unified_meetingplace_web_conferencing::::::::

History

21 Nov 2024, 01:00

Type	Values Removed	Values Added
References	~~() http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml - Vendor Advisory~~	() http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/33901 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/33901 - Third Party Advisory, VDB Entry
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/48888 - VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/48888 - VDB Entry

Information

Published : 2009-02-26 16:17

Updated : 2024-11-21 01:00

NVD link : CVE-2009-0614

Mitre link : CVE-2009-0614

CVE.ORG link : CVE-2009-0614

JSON object : View

Products Affected

cisco

unified_meetingplace_web_conferencing

CWE

CWE-287

Improper Authentication

{"id": "CVE-2009-0614", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 8.5, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-02-26T16:17:20.017", "references": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/33901", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888", "tags": ["VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/33901", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888", "tags": ["VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en Cisco Unified MeetingPlace Web Conferencing Web 6.0 antes de 6.0(517.0) (alias 6.0 MR4) y 7.0 antes de 7.0 (2) (alias 7.0 MR1) permite a atacantes remotos eludir la autenticaci\u00f3n y obtener acceso administrativo a trav\u00e9s de una URL modificada."}], "lastModified": "2024-11-21T01:00:31.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F3658DA-A276-44AD-A3CB-E1CB86ED7F88", "versionEndExcluding": "6.0\\(517.0\\)", "versionStartIncluding": "6.0\\(171\\)"}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81EA2062-D903-4A88-B8D3-899221F69924", "versionEndExcluding": "7.0\\(2\\)", "versionStartIncluding": "7.0\\(1\\)"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}