CVE-2014-2199
CVSS V2 Medium 5
CVSS V3 None
Description
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.
Overview
- CVE ID
- CVE-2014-2199
- Assigner
- ykramarz@cisco.com
- Vulnerability Status
- Analyzed
- Published Version
- 2014-05-20T11:13:37
- Last Modified Date
- 2016-09-07T18:17:03
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:cisco:webex_business_suite:27.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:webex_business_suite:28.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:webex_business_suite:29.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:webex_event_center:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:* | 1 | OR | 1.5\(.1.131\) | |
| cpe:2.3:a:cisco:webex_sales_center:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 5
- Severity
- MEDIUM
- Exploitability Score
- 10
- Impact Score
- 2.9
References
| Reference URL | Reference Tags |
|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199 | Vendor Advisory |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=34252 | Vendor Advisory |
| http://www.securitytracker.com/id/1030251 | Third Party Advisory VDB Entry |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2014-2199 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2199 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 10:13:59 | Added to TrackCVE | |||
| 2022-12-01 23:09:56 | psirt@cisco.com | ykramarz@cisco.com | CVE Assigner | updated |
| 2022-12-01 23:09:56 | 2014-05-20T11:13Z | 2014-05-20T11:13:37 | CVE Published Date | updated |
| 2022-12-01 23:09:56 | 2016-09-07T18:17:03 | CVE Modified Date | updated | |
| 2022-12-01 23:09:56 | Analyzed | Vulnerability Status | updated |