CVE-2015-0589

The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/62799
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx	Vendor Advisory
http://www.securityfocus.com/bid/72493
http://www.securitytracker.com/id/1031692
https://exchange.xforce.ibmcloud.com/vulnerabilities/100719

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:webex_meetings_server:1.0:::::::*
	cpe:2.3:a:cisco:webex_meetings_server:1.1:::::::*
	cpe:2.3:a:cisco:webex_meetings_server:1.5:::::::*

History

No history.

Information

Published : 2015-02-07 15:59

Updated : 2024-02-28 12:20

NVD link : CVE-2015-0589

Mitre link : CVE-2015-0589

CVE.ORG link : CVE-2015-0589

JSON object : View

Products Affected

cisco

webex_meetings_server

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2015-0589", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-02-07T15:59:06.143", "references": [{"url": "http://secunia.com/advisories/62799", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/72493", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1031692", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460."}, {"lang": "es", "value": "La interfaz web administrativa en Cisco WebEx Meetings Server 1.0 hasta 1.5 permite a usuarios remotos autenticados ejecutar comandos del sistema operativo arbitrarios con privilegios root a trav\u00e9s de campos especificados, tambi\u00e9n conocido como Bug ID CSCuj40460."}], "lastModified": "2017-09-08T01:29:45.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCBD90AA-A7EB-4F48-AA80-366FD9D1FEAA"}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD58CDC2-0216-4AB9-85B7-8A4197BA53FD"}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C06D7CF0-1FD7-4FD1-9FAC-4A74E7AC18DB"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}