CVE-2013-1232

The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:webex_meetings_server:-:::::::*
	cpe:2.3:a:cisco:webex_node_for_asr_1000_series:-:::::::*
	cpe:2.3:a:cisco:webex_node_for_mcs:-:::::::*

History

21 Nov 2024, 01:49

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232 - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232 - Vendor Advisory

Information

Published : 2013-05-04 03:24

Updated : 2024-11-21 01:49

NVD link : CVE-2013-1232

Mitre link : CVE-2013-1232

CVE.ORG link : CVE-2013-1232

JSON object : View

Products Affected

cisco

webex_node_for_mcs
webex_meetings_server
webex_node_for_asr_1000_series

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-1232", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-05-04T03:24:41.700", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252."}, {"lang": "es", "value": "La implementaci\u00f3n HTTP en Cisco WebEx Node para MCS, WebEx Meetings Server, y WebEx Node para ASR 1000 Series permite a atacantes remotos leer el contenido de las posiciones de memoria sin inicializar mediante una petici\u00f3n especialmente dise\u00f1ada, tambi\u00e9n conocido como Bug IDs CSCue36672, CSCue31363, CSCuf17466 y CSCug61252."}], "lastModified": "2024-11-21T01:49:09.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_meetings_server:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FE5F3F6-C7AE-4384-B58D-F0506719E35C"}, {"criteria": "cpe:2.3:a:cisco:webex_node_for_asr_1000_series:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD79F097-29A0-48E5-AEC6-3237440A58F2"}, {"criteria": "cpe:2.3:a:cisco:webex_node_for_mcs:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F435B36-842E-4983-B6F9-8D7AD0D59FB4"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}