Sign-up

ID

VAR-201701-0723


CVE

CVE-2017-3797


TITLE

Cisco WebEx Meetings Server In WebEx Vulnerability in which the fully qualified domain name of the management server is displayed

Trust: 0.8

sources: JVNDB: JVNDB-2017-001383

DESCRIPTION

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvb60655. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. There are security vulnerabilities in CWMS

Trust: 1.98

sources: NVD: CVE-2017-3797 // JVNDB: JVNDB-2017-001383 // BID: 95639 // VULHUB: VHN-112000

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7.1

Trust: 2.4

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7_base

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7 base

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope:eqversion:0

Trust: 0.3

sources: BID: 95639 // JVNDB: JVNDB-2017-001383 // CNNVD: CNNVD-201701-781 // NVD: CVE-2017-3797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3797
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3797
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201701-781
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112000
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3797
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-112000
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3797
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-112000 // JVNDB: JVNDB-2017-001383 // CNNVD: CNNVD-201701-781 // NVD: CVE-2017-3797

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-112000 // JVNDB: JVNDB-2017-001383 // NVD: CVE-2017-3797

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-781

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201701-781

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-001383

PATCH
title:cisco-sa-20170118-wms3url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3
Trust: 0.8
title:Cisco WebEx Meetings Server Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67339
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-001383 // 
            
            
            
            CNNVD: CNNVD-201701-781

EXTERNAL IDS
db:NVDid:CVE-2017-3797
Trust: 2.8
db:BIDid:95639
Trust: 2.0
db:SECTRACKid:1037648
Trust: 1.1
db:JVNDBid:JVNDB-2017-001383
Trust: 0.8
db:CNNVDid:CNNVD-201701-781
Trust: 0.7
db:VULHUBid:VHN-112000
Trust: 0.1
sources:
            
            
            VULHUB: VHN-112000 // 
            
            
            
            BID: 95639 // 
            
            
            
            JVNDB: JVNDB-2017-001383 // 
            
            
            
            CNNVD: CNNVD-201701-781 // 
            
            
            
            NVD: CVE-2017-3797

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170118-wms3
Trust: 2.0
url:http://www.securityfocus.com/bid/95639
Trust: 1.7
url:http://www.securitytracker.com/id/1037648
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3797
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3797
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-112000 // 
            
            
            
            BID: 95639 // 
            
            
            
            JVNDB: JVNDB-2017-001383 // 
            
            
            
            CNNVD: CNNVD-201701-781 // 
            
            
            
            NVD: CVE-2017-3797

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 95639 // 
            
            
            
            CNNVD: CNNVD-201701-781

SOURCES
db:VULHUBid:VHN-112000
db:BIDid:95639
db:JVNDBid:JVNDB-2017-001383
db:CNNVDid:CNNVD-201701-781
db:NVDid:CVE-2017-3797

LAST UPDATE DATE
2024-11-23T22:56:20.099000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-112000date:2017-07-26T00:00:00
db:BIDid:95639date:2017-01-23T01:11:00
db:JVNDBid:JVNDB-2017-001383date:2017-02-09T00:00:00
db:CNNVDid:CNNVD-201701-781date:2017-01-23T00:00:00
db:NVDid:CVE-2017-3797date:2024-11-21T03:26:08.093

SOURCES RELEASE DATE
db:VULHUBid:VHN-112000date:2017-01-26T00:00:00
db:BIDid:95639date:2017-01-18T00:00:00
db:JVNDBid:JVNDB-2017-001383date:2017-02-09T00:00:00
db:CNNVDid:CNNVD-201701-781date:2017-01-20T00:00:00
db:NVDid:CVE-2017-3797date:2017-01-26T07:59:00.403