ID
VAR-201701-0720
CVE
CVE-2017-3794
TITLE
Cisco WebEx Meetings Server Vulnerable to cross-site request forgery
Trust: 0.8
DESCRIPTION
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuz03317. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | cisco | model: | webex meetings server | scope: | eq | version: | 2.6.0 | Trust: 2.4 |
| vendor: | cisco | model: | webex meetings server | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
cross-site request forgery
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20170118-wms | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms | Trust: 0.8 |
| title: | Cisco WebEx Meetings Server Fixes for cross-site request forgery vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67345 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-3794 | Trust: 2.9 |
| db: | BID | id: | 95635 | Trust: 2.1 |
| db: | SECTRACK | id: | 1037649 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2017-001380 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201701-787 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-111997 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-3794 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170118-wms | Trust: 2.1 |
| url: | http://www.securityfocus.com/bid/95635 | Trust: 1.9 |
| url: | http://www.securitytracker.com/id/1037649 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3794 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3794 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/352.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Cisco
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-111997 |
| db: | VULMON | id: | CVE-2017-3794 |
| db: | BID | id: | 95635 |
| db: | JVNDB | id: | JVNDB-2017-001380 |
| db: | CNNVD | id: | CNNVD-201701-787 |
| db: | NVD | id: | CVE-2017-3794 |
LAST UPDATE DATE
2024-11-23T22:52:34.155000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-111997 | date: | 2017-07-26T00:00:00 |
| db: | VULMON | id: | CVE-2017-3794 | date: | 2017-07-26T00:00:00 |
| db: | BID | id: | 95635 | date: | 2017-01-23T01:11:00 |
| db: | JVNDB | id: | JVNDB-2017-001380 | date: | 2017-02-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201701-787 | date: | 2017-01-22T00:00:00 |
| db: | NVD | id: | CVE-2017-3794 | date: | 2024-11-21T03:26:07.733 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-111997 | date: | 2017-01-26T00:00:00 |
| db: | VULMON | id: | CVE-2017-3794 | date: | 2017-01-26T00:00:00 |
| db: | BID | id: | 95635 | date: | 2017-01-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-001380 | date: | 2017-02-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201701-787 | date: | 2017-01-20T00:00:00 |
| db: | NVD | id: | CVE-2017-3794 | date: | 2017-01-26T07:59:00.310 |