CVE-2014-3310

Published: Jul 10, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

Affected (2)

Products: Cisco: Webex Meeting Center, Webex Meetings Server

2 products

Webex Meeting Center

Webex Meetings Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Webex Meeting Center	All versions
Cisco Webex Meetings Server	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/68503

Source: psirt@cisco.com

http://www.securitytracker.com/id/1030551

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/94431

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/68503

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030551

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/94431

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.