Vulnerability Description
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Webex | 11.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/95876
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86150
- http://osvdb.org/95876
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86150
FAQ
What is CVE-2013-3425?
CVE-2013-3425 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumer...
How severe is CVE-2013-3425?
CVE-2013-3425 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3425?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Webex.