Published: 14/12/2013 Updated: 15/09/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote malicious users to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.

Affected Products

Vendor Product Versions
CiscoWebex Training Center-

Vendor Advisories

A vulnerability in the registration pages of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to obtain the password and access code for a paid training without paying or registering for the training The vulnerability is due to disclosure of the training session information URL before the registration and payment are co ...