Arbitrary File Download Vulnerability in Cisco WebEx Meetings Client
CVE-2014-3310

Currently unrated

Key Information:

Vendor: Cisco
Status: Webex Meeting Center; Webex Meetings Server
Vendor: CVE Published:; 10 July 2014

Summary

The File Transfer feature in Cisco WebEx Meetings Client does not properly verify that a requested file matches the intended files offered during a session. This vulnerability allows remote attackers to manipulate requests and access arbitrary files on the server. The issue has been associated with Bug IDs CSCup62442 and CSCup58463, potentially exposing sensitive information to unauthorized parties.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1030551

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/68503

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 10, 2014
Vulnerability Reserved
May 7, 2014