CVE Vulnerabilities

CVE-2014-0691

Insufficient Entropy

Published: Oct 24, 2017 | Modified: Nov 14, 2017
CVSS 3.x
7.3
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.

Weakness

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Affected Software

Name Vendor Start Version End Version
Webex_meetings_server Cisco * 1.0 (including)

Potential Mitigations

References