VAR-201407-0374
Vulnerability from variot - Updated: 2025-04-13 23:36The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. Vendors have confirmed this vulnerability Bug ID CSCup62442 and CSCup58463 It is released as.A third party may be able to read any file via a modified request. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. A remote attacker can read arbitrary files with a modified request. Cisco WebEx Meetings Client is prone to an arbitrary-file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the Web server and obtain potentially sensitive information. This issue is being tracked by Cisco bug IDs CSCup62442 and CSCup58463
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0374",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "webex meeting center",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "webex meetings server",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "1.5(.1.131)"
},
{
"model": "webex meetings server",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.5.1.6"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.5.1.131"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04248"
},
{
"db": "BID",
"id": "68503"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003307"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-253"
},
{
"db": "NVD",
"id": "CVE-2014-3310"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:webex_meeting_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:webex_meetings_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003307"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "68503"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3310",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-3310",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-04248",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-71250",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3310",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3310",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-04248",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-253",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71250",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04248"
},
{
"db": "VULHUB",
"id": "VHN-71250"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003307"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-253"
},
{
"db": "NVD",
"id": "CVE-2014-3310"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. Vendors have confirmed this vulnerability Bug ID CSCup62442 and CSCup58463 It is released as.A third party may be able to read any file via a modified request. Cisco WebEx Meetings is a networked online conferencing product in Cisco\u0027s WebEx conferencing solution. A remote attacker can read arbitrary files with a modified request. Cisco WebEx Meetings Client is prone to an arbitrary-file-download vulnerability. \nAn attacker can exploit this issue to download arbitrary files from the Web server and obtain potentially sensitive information. \nThis issue is being tracked by Cisco bug IDs CSCup62442 and CSCup58463",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3310"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003307"
},
{
"db": "CNVD",
"id": "CNVD-2014-04248"
},
{
"db": "BID",
"id": "68503"
},
{
"db": "VULHUB",
"id": "VHN-71250"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3310",
"trust": 3.4
},
{
"db": "BID",
"id": "68503",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1030551",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003307",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-253",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-04248",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-71250",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04248"
},
{
"db": "VULHUB",
"id": "VHN-71250"
},
{
"db": "BID",
"id": "68503"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003307"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-253"
},
{
"db": "NVD",
"id": "CVE-2014-3310"
}
]
},
"id": "VAR-201407-0374",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04248"
},
{
"db": "VULHUB",
"id": "VHN-71250"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04248"
}
]
},
"last_update_date": "2025-04-13T23:36:35.211000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco WebEx Meetings Client Arbitrary File Download Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310"
},
{
"title": "34893",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34893"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003307"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71250"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003307"
},
{
"db": "NVD",
"id": "CVE-2014-3310"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3310"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/68503"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030551"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94431"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3310"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3310"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34893"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04248"
},
{
"db": "VULHUB",
"id": "VHN-71250"
},
{
"db": "BID",
"id": "68503"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003307"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-253"
},
{
"db": "NVD",
"id": "CVE-2014-3310"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04248"
},
{
"db": "VULHUB",
"id": "VHN-71250"
},
{
"db": "BID",
"id": "68503"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003307"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-253"
},
{
"db": "NVD",
"id": "CVE-2014-3310"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04248"
},
{
"date": "2014-07-10T00:00:00",
"db": "VULHUB",
"id": "VHN-71250"
},
{
"date": "2014-07-10T00:00:00",
"db": "BID",
"id": "68503"
},
{
"date": "2014-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003307"
},
{
"date": "2014-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-253"
},
{
"date": "2014-07-10T11:06:27.880000",
"db": "NVD",
"id": "CVE-2014-3310"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04248"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-71250"
},
{
"date": "2014-07-10T00:00:00",
"db": "BID",
"id": "68503"
},
{
"date": "2014-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003307"
},
{
"date": "2014-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-253"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3310"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-253"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco WebEx Meetings Server and WebEx Meeting Center of WebEx Meetings Vulnerability in client to read arbitrary files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003307"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-253"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…