CVE-2009-0614 - OpenCVE

Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:N/AC:L/Au:N/C:P/I:P/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Unified Meetingplace Web Conferencing

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unified_meetingplace_web_conferencing::::::::
	cpe:2.3:a:cisco:unified_meetingplace_web_conferencing::::::::

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml	Vendor Advisory
http://www.securityfocus.com/bid/33901	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/48888	VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2009-02-26T16:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-02-18T00:00:00

Link: CVE-2009-0614

JSON object: View

NVD Information

Status : Analyzed

Published: 2009-02-26T16:17:20.017

Modified: 2018-11-08T20:21:06.283

Link: CVE-2009-0614

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-25T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20090225 Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml"}, {"name": "33901", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33901"}, {"name": "cisco-meetingplace-unauth-access(48888)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-0614", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20090225 Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml"}, {"name": "33901", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33901"}, {"name": "cisco-meetingplace-unauth-access(48888)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-0614", "datePublished": "2009-02-26T16:00:00", "dateReserved": "2009-02-18T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F3658DA-A276-44AD-A3CB-E1CB86ED7F88", "versionEndExcluding": "6.0\\(517.0\\)", "versionStartIncluding": "6.0\\(171\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:*:*:*:*:*:*:*:*", "matchCriteriaId": "81EA2062-D903-4A88-B8D3-899221F69924", "versionEndExcluding": "7.0\\(2\\)", "versionStartIncluding": "7.0\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en Cisco Unified MeetingPlace Web Conferencing Web 6.0 antes de 6.0(517.0) (alias 6.0 MR4) y 7.0 antes de 7.0 (2) (alias 7.0 MR1) permite a atacantes remotos eludir la autenticaci\u00f3n y obtener acceso administrativo a trav\u00e9s de una URL modificada."}], "id": "CVE-2009-0614", "lastModified": "2018-11-08T20:21:06.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-26T16:17:20.017", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/33901"}, {"source": "ykramarz@cisco.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}