Sign-up

ID

VAR-201702-0790


CVE

CVE-2017-3823


TITLE

Cisco WebEx web browser extension allows arbitrary code execution

Trust: 0.8

sources: CERT/CC: VU#909240

DESCRIPTION

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. Cisco WebEx Is an online conferencing system. WebEx In online meetings using, participants typically join the meeting through a link on a web page. By following the link, through web browser extensions WebEx The software is started. (CWE-78) Exists. This issue is being tracked by Cisco Bug IDs CSCvc86959 and CSCvc88194. Cisco WebEx is a set of Web conferencing tools developed by American Cisco (Cisco), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM). Cisco WebEx extensions and plugins have security vulnerabilities

Trust: 2.79

sources: NVD: CVE-2017-3823 // CERT/CC: VU#909240 // JVNDB: JVNDB-2017-001113 // BID: 95737 // VULHUB: VHN-112026 // VULMON: CVE-2017-3823

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5_mr3

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5_mr2

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5_mr6

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5_mr5

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5_mr4

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:2.0_mr9

Trust: 1.0

vendor:ciscomodel:webex meeting centerscope:eqversion:2.6_mr2

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6_base

Trust: 1.0

vendor:ciscomodel:webex meeting centerscope:eqversion:2.6_mr1

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7_mr2

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.0_mr5

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5_base

Trust: 1.0

vendor:ciscomodel:webex meeting centerscope:eqversion:t31_base

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.0_mr7

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.0_mr4

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6_mr2

Trust: 1.0

vendor:ciscomodel:webex meeting centerscope:eqversion:2.6_mr3

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6_mr1

Trust: 1.0

vendor:ciscomodel:webex meeting centerscope:eqversion:2.7_base

Trust: 1.0

vendor:ciscomodel:gpccontainer classscope:lteversion:10031.6.2017.0125

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.0_mr2

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.0_mr3

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6_mr3

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.0_mr8

Trust: 1.0

vendor:ciscomodel:webex meeting centerscope:eqversion:2.7_mr1

Trust: 1.0

vendor:ciscomodel:activetouch general plugin containerscope:eqversion:105

Trust: 1.0

vendor:ciscomodel:webex meeting centerscope:eqversion:t29_base

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.0_base

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7_base

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7_mr1

Trust: 1.0

vendor:ciscomodel:webex meeting centerscope:eqversion:t30_base

Trust: 1.0

vendor:ciscomodel:download managerscope:eqversion:2.1.0.9

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5_mr1

Trust: 1.0

vendor:ciscomodel:webex meeting centerscope:eqversion:2.6_base

Trust: 1.0

vendor:ciscomodel:webex meeting centerscope:eqversion:2.7_mr2

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.0_mr6

Trust: 1.0

vendor:ciscomodel:webexscope:lteversion:1.0.6

Trust: 1.0

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel:activetouch general plugin containerscope:ltversion:106 earlier (firefox)

Trust: 0.8

vendor:ciscomodel:webexscope:ltversion:extension 1.0.7 earlier (chrome)

Trust: 0.8

vendor:ciscomodel:download managerscope:ltversion:activex control 2.1.0.10 earlier (internet explorer)

Trust: 0.8

vendor:ciscomodel:gpccontainer class activex controlscope:ltversion:10031.6.2017.0127 earlier (internet explorer)

Trust: 0.8

vendor:mozillamodel:activetouch general plugin containerscope:eqversion:0

Trust: 0.3

vendor:microsoftmodel:webex internet explorer gpccontainer activexscope:eqversion:0

Trust: 0.3

vendor:googlemodel:webex extension for chromescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex extensionscope:eqversion:1.0.5

Trust: 0.3

vendor:ciscomodel:webex extensionscope:eqversion:1.0.3

Trust: 0.3

vendor:ciscomodel:webex extensionscope:eqversion:1.0.2

Trust: 0.3

vendor:mozillamodel:activetouch general plugin containerscope:neversion:106

Trust: 0.3

vendor:microsoftmodel:webex internet explorer gpccontainer activexscope:neversion:10031.6.2017.0127

Trust: 0.3

vendor:googlemodel:webex extension for chromescope:neversion:1.0.7

Trust: 0.3

sources: CERT/CC: VU#909240 // BID: 95737 // JVNDB: JVNDB-2017-001113 // CNNVD: CNNVD-201702-072 // NVD: CVE-2017-3823

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-3823
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2017-3823
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201702-072
value: HIGH

Trust: 0.6

VULHUB: VHN-112026
value: HIGH

Trust: 0.1

VULMON: CVE-2017-3823
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-3823
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2017-3823
severity: HIGH
baseScore: 7.5
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-112026
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3823
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CERT/CC: VU#909240 // VULHUB: VHN-112026 // VULMON: CVE-2017-3823 // JVNDB: JVNDB-2017-001113 // CNNVD: CNNVD-201702-072 // NVD: CVE-2017-3823

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-78

Trust: 0.8

sources: VULHUB: VHN-112026 // JVNDB: JVNDB-2017-001113 // NVD: CVE-2017-3823

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-072

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201702-072

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-001113

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#909240 // 
            
            
            
            VULHUB: VHN-112026

PATCH
title:Cisco WebEx Browser Extension Remote Code Execution Vulnerability (cisco-sa-20170124-webex)url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Trust: 0.8
title:Per-Site ActiveX Controlsurl:https://msdn.microsoft.com/en-us/library/dd433050(v=vs.85).aspx
Trust: 0.8
title:How to stop an ActiveX control from running in Internet Explorerurl:https://support.microsoft.com/ja-jp/help/240797/how-to-stop-an-activex-control-from-running-in-internet-explorer
Trust: 0.8
title:Meeting Services Removal Tool - Support Utilitiesurl:https://jajp.help.webex.com/docs/DOC-2672#jive_content_id_Meeting_Services_Removal_Tool_
Trust: 0.8
title:Cisco WebEx extensions  and plugins Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68286
Trust: 0.6
title:Cisco: Cisco WebEx Browser Extension Remote Code Execution Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170124-webex
Trust: 0.1
title:The Registerurl:https://www.theregister.co.uk/2019/04/01/security_roundup_290319/
Trust: 0.1
title:The Registerurl:https://www.theregister.co.uk/2017/08/16/disdain_exploit_kit/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-3823 // 
            
            
            
            JVNDB: JVNDB-2017-001113 // 
            
            
            
            CNNVD: CNNVD-201702-072

EXTERNAL IDS
db:CERT/CCid:VU#909240
Trust: 3.1
db:NVDid:CVE-2017-3823
Trust: 2.9
db:BIDid:95737
Trust: 1.5
db:SECTRACKid:1037680
Trust: 1.2
db:JVNid:JVNVU90868591
Trust: 0.8
db:JVNDBid:JVNDB-2017-001113
Trust: 0.8
db:CNNVDid:CNNVD-201702-072
Trust: 0.7
db:PACKETSTORMid:140870
Trust: 0.1
db:VULHUBid:VHN-112026
Trust: 0.1
db:VULMONid:CVE-2017-3823
Trust: 0.1
sources:
            
            
            CERT/CC: VU#909240 // 
            
            
            
            VULHUB: VHN-112026 // 
            
            
            
            VULMON: CVE-2017-3823 // 
            
            
            
            BID: 95737 // 
            
            
            
            JVNDB: JVNDB-2017-001113 // 
            
            
            
            CNNVD: CNNVD-201702-072 // 
            
            
            
            NVD: CVE-2017-3823

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170124-webex
Trust: 2.9
url:https://www.kb.cert.org/vuls/id/909240
Trust: 2.4
url:https://bugs.chromium.org/p/project-zero/issues/detail?id=1096
Trust: 2.3
url:https://bugs.chromium.org/p/project-zero/issues/detail?id=1100
Trust: 2.0
url:https://blog.filippo.io/webex-extension-vulnerability/
Trust: 2.0
url:http://www.securityfocus.com/bid/95737
Trust: 1.2
url:https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html
Trust: 1.2
url:http://www.securitytracker.com/id/1037680
Trust: 1.2
url:https://help.webex.com/docs/doc-2672
Trust: 0.8
url:https://msdn.microsoft.com/en-us/library/dd433050(v=vs.85).aspx#_user
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3823
Trust: 0.8
url:http://jvn.jp/vu/jvnvu90868591/
Trust: 0.8
url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3823
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:webex.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CERT/CC: VU#909240 // 
            
            
            
            VULHUB: VHN-112026 // 
            
            
            
            VULMON: CVE-2017-3823 // 
            
            
            
            BID: 95737 // 
            
            
            
            JVNDB: JVNDB-2017-001113 // 
            
            
            
            CNNVD: CNNVD-201702-072 // 
            
            
            
            NVD: CVE-2017-3823

CREDITS
This vulnerability was reported to Cisco by Tavis Ormandy of Google.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201702-072

SOURCES
db:CERT/CCid:VU#909240
db:VULHUBid:VHN-112026
db:VULMONid:CVE-2017-3823
db:BIDid:95737
db:JVNDBid:JVNDB-2017-001113
db:CNNVDid:CNNVD-201702-072
db:NVDid:CVE-2017-3823

LAST UPDATE DATE
2024-11-23T22:38:37.977000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#909240date:2017-01-27T00:00:00
db:VULHUBid:VHN-112026date:2017-10-10T00:00:00
db:VULMONid:CVE-2017-3823date:2017-10-10T00:00:00
db:BIDid:95737date:2017-02-02T01:03:00
db:JVNDBid:JVNDB-2017-001113date:2017-03-16T00:00:00
db:CNNVDid:CNNVD-201702-072date:2019-03-29T00:00:00
db:NVDid:CVE-2017-3823date:2024-11-21T03:26:11.147

SOURCES RELEASE DATE
db:CERT/CCid:VU#909240date:2017-01-27T00:00:00
db:VULHUBid:VHN-112026date:2017-02-01T00:00:00
db:VULMONid:CVE-2017-3823date:2017-02-01T00:00:00
db:BIDid:95737date:2017-01-24T00:00:00
db:JVNDBid:JVNDB-2017-001113date:2017-01-31T00:00:00
db:CNNVDid:CNNVD-201702-072date:2017-02-22T00:00:00
db:NVDid:CVE-2017-3823date:2017-02-01T11:59:00.133