Lucene search

[email protected]NVD:CVE-2017-12297

HistoryNov 30, 2017 - 9:29 a.m.

CVE-2017-12297

2017-11-3009:29:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

39.3%

JSON

A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a “URL Redirection Vulnerability.” The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843.

Affected configurations

Nvd

Node

ciscowebex_meeting_centerMatcht30sp7

ciscowebex_meeting_centerMatcht30sp8

ciscowebex_meeting_centerMatcht30sp9

ciscowebex_meeting_centerMatcht31sp8

ciscowebex_meeting_centerMatcht31sp9

ciscowebex_meeting_centerMatcht32

ciscowebex_meeting_centerMatcht32.3

ciscowebex_meeting_centerMatcht32.4

ciscowebex_meeting_centerMatcht32.6

ciscowebex_meeting_centerMatcht32.7

ciscowebex_meeting_centerMatcht32.8

VendorProductVersionCPE
ciscowebex_meeting_centert30cpe:2.3:a:cisco:webex_meeting_center:t30:sp7:*:*:*:*:*:*
ciscowebex_meeting_centert30cpe:2.3:a:cisco:webex_meeting_center:t30:sp8:*:*:*:*:*:*
ciscowebex_meeting_centert30cpe:2.3:a:cisco:webex_meeting_center:t30:sp9:*:*:*:*:*:*
ciscowebex_meeting_centert31cpe:2.3:a:cisco:webex_meeting_center:t31:sp8:*:*:*:*:*:*
ciscowebex_meeting_centert31cpe:2.3:a:cisco:webex_meeting_center:t31:sp9:*:*:*:*:*:*
ciscowebex_meeting_centert32cpe:2.3:a:cisco:webex_meeting_center:t32:*:*:*:*:*:*:*
ciscowebex_meeting_centert32.3cpe:2.3:a:cisco:webex_meeting_center:t32.3:*:*:*:*:*:*:*
ciscowebex_meeting_centert32.4cpe:2.3:a:cisco:webex_meeting_center:t32.4:*:*:*:*:*:*:*
ciscowebex_meeting_centert32.6cpe:2.3:a:cisco:webex_meeting_center:t32.6:*:*:*:*:*:*:*
ciscowebex_meeting_centert32.7cpe:2.3:a:cisco:webex_meeting_center:t32.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_meeting_center	t30	cpe:2.3:a:cisco:webex_meeting_center:t30:sp7::::::
cisco	webex_meeting_center	t30	cpe:2.3:a:cisco:webex_meeting_center:t30:sp8::::::
cisco	webex_meeting_center	t30	cpe:2.3:a:cisco:webex_meeting_center:t30:sp9::::::
cisco	webex_meeting_center	t31	cpe:2.3:a:cisco:webex_meeting_center:t31:sp8::::::
cisco	webex_meeting_center	t31	cpe:2.3:a:cisco:webex_meeting_center:t31:sp9::::::
cisco	webex_meeting_center	t32	cpe:2.3:a:cisco:webex_meeting_center:t32:::::::*
cisco	webex_meeting_center	t32.3	cpe:2.3:a:cisco:webex_meeting_center:t32.3:::::::*
cisco	webex_meeting_center	t32.4	cpe:2.3:a:cisco:webex_meeting_center:t32.4:::::::*
cisco	webex_meeting_center	t32.6	cpe:2.3:a:cisco:webex_meeting_center:t32.6:::::::*
cisco	webex_meeting_center	t32.7	cpe:2.3:a:cisco:webex_meeting_center:t32.7:::::::*

Rows per page:

1-10 of 111

References

www.securityfocus.com/bid/101985

www.securitytracker.com/id/1039919

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

39.3%

JSON

Related for NVD:CVE-2017-12297

prion1 cve1 cvelist1 cisco1