Vulnerability Description
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Webex Meetings Server | <= 1.5\(.1.131\) |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/58624
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3302Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35050Vendor Advisory
- http://www.securityfocus.com/bid/68904Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1030646Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94892
- http://secunia.com/advisories/58624
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3302Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35050Vendor Advisory
- http://www.securityfocus.com/bid/68904Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1030646Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94892
FAQ
What is CVE-2014-3302?
CVE-2014-3302 is a vulnerability with a CVSS score of 5.8 (MEDIUM). user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information ...
How severe is CVE-2014-3302?
CVE-2014-3302 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3302?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Webex Meetings Server.