Sign-up

ID

VAR-201701-0725


CVE

CVE-2017-3799


TITLE

Cisco WebEx Meeting Center of URL Parameter redirection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-001376

DESCRIPTION

A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is being tracked by Cisco bug ID CSCzu78401. Cisco WebEx Meeting Center is an online meeting product in a set of WebEx meeting solutions of Cisco (Cisco). The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2017-3799 // JVNDB: JVNDB-2017-001376 // BID: 95642 // VULHUB: VHN-112002

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope:eqversion:wbs28_base

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope:eqversion:wbs28 base

Trust: 0.8

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: BID: 95642 // JVNDB: JVNDB-2017-001376 // CNNVD: CNNVD-201701-783 // NVD: CVE-2017-3799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3799
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3799
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201701-783
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112002
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3799
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-112002
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3799
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-112002 // JVNDB: JVNDB-2017-001376 // CNNVD: CNNVD-201701-783 // NVD: CVE-2017-3799

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.9

sources: VULHUB: VHN-112002 // JVNDB: JVNDB-2017-001376 // NVD: CVE-2017-3799

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-783

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201701-783

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-001376

PATCH
title:cisco-sa-20170118-wms4url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4
Trust: 0.8
title:Cisco WebEx Meeting Center Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67341
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-001376 // 
            
            
            
            CNNVD: CNNVD-201701-783

EXTERNAL IDS
db:NVDid:CVE-2017-3799
Trust: 2.8
db:BIDid:95642
Trust: 2.0
db:SECTRACKid:1037647
Trust: 1.1
db:JVNDBid:JVNDB-2017-001376
Trust: 0.8
db:CNNVDid:CNNVD-201701-783
Trust: 0.7
db:VULHUBid:VHN-112002
Trust: 0.1
sources:
            
            
            VULHUB: VHN-112002 // 
            
            
            
            BID: 95642 // 
            
            
            
            JVNDB: JVNDB-2017-001376 // 
            
            
            
            CNNVD: CNNVD-201701-783 // 
            
            
            
            NVD: CVE-2017-3799

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170118-wms4
Trust: 2.0
url:http://www.securityfocus.com/bid/95642
Trust: 1.7
url:http://www.securitytracker.com/id/1037647
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3799
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3799
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-112002 // 
            
            
            
            BID: 95642 // 
            
            
            
            JVNDB: JVNDB-2017-001376 // 
            
            
            
            CNNVD: CNNVD-201701-783 // 
            
            
            
            NVD: CVE-2017-3799

CREDITS
Lawrence Amer
Trust: 0.9
sources:
            
            
            BID: 95642 // 
            
            
            
            CNNVD: CNNVD-201701-783

SOURCES
db:VULHUBid:VHN-112002
db:BIDid:95642
db:JVNDBid:JVNDB-2017-001376
db:CNNVDid:CNNVD-201701-783
db:NVDid:CVE-2017-3799

LAST UPDATE DATE
2024-11-23T22:01:19.765000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-112002date:2017-07-26T00:00:00
db:BIDid:95642date:2017-01-23T01:11:00
db:JVNDBid:JVNDB-2017-001376date:2017-02-09T00:00:00
db:CNNVDid:CNNVD-201701-783date:2017-01-22T00:00:00
db:NVDid:CVE-2017-3799date:2024-11-21T03:26:08.323

SOURCES RELEASE DATE
db:VULHUBid:VHN-112002date:2017-01-26T00:00:00
db:BIDid:95642date:2017-01-18T00:00:00
db:JVNDBid:JVNDB-2017-001376date:2017-02-09T00:00:00
db:CNNVDid:CNNVD-201701-783date:2017-01-20T00:00:00
db:NVDid:CVE-2017-3799date:2017-01-26T07:59:00.483