ID

VAR-201703-0714


CVE

CVE-2017-3811


TITLE

XML External Entity vulnerability in Cisco WebEx Meetings Server

Trust: 0.8

sources: JVNDB: JVNDB-2017-002455

DESCRIPTION

An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue is being tracked by Cisco bug ID CSCvc39165. Cisco WebEx Meetings Server (CWMS) is a multi-functional conferencing product in Cisco's WebEx conferencing solution that includes audio, video and Web conferencing. The vulnerability stems from the program not correctly handling external entities (XXE) when parsing XML files.

Trust: 1.98

sources: NVD: CVE-2017-3811 // JVNDB: JVNDB-2017-002455 // BID: 96912 // VULHUB: VHN-112014

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6

Trust: 2.4

vendor: cisco, model: webex meetings server, scope: eq, version: 0

Trust: 0.3

sources: BID: 96912 // JVNDB: JVNDB-2017-002455 // CNNVD: CNNVD-201703-681 // NVD: CVE-2017-3811

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-3811
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3811
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-681
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112014
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-3811
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-112014
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-3811
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-112014 // JVNDB: JVNDB-2017-002455 // CNNVD: CNNVD-201703-681 // NVD: CVE-2017-3811

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.9

sources: VULHUB: VHN-112014 // JVNDB: JVNDB-2017-002455 // NVD: CVE-2017-3811

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-681

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-681

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002455

PATCH

title: cisco-sa-20170315-wms, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wms

Trust: 0.8

title: Cisco WebEx Meetings Server Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68424

Trust: 0.6

sources: JVNDB: JVNDB-2017-002455 // CNNVD: CNNVD-201703-681

EXTERNAL IDS

db: NVD, id: CVE-2017-3811

Trust: 2.8

db: BID, id: 96912

Trust: 2.0

db: SECTRACK, id: 1038042

Trust: 1.1

db: JVNDB, id: JVNDB-2017-002455

Trust: 0.8

db: CNNVD, id: CNNVD-201703-681

Trust: 0.7

db: VULHUB, id: VHN-112014

Trust: 0.1

sources: VULHUB: VHN-112014 // BID: 96912 // JVNDB: JVNDB-2017-002455 // CNNVD: CNNVD-201703-681 // NVD: CVE-2017-3811

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-wms

Trust: 2.0

url:http://www.securityfocus.com/bid/96912

Trust: 1.7

url:http://www.securitytracker.com/id/1038042

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3811

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3811

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-112014 // BID: 96912 // JVNDB: JVNDB-2017-002455 // CNNVD: CNNVD-201703-681 // NVD: CVE-2017-3811

CREDITS

Ali Ardic.

Trust: 0.9

sources: BID: 96912 // CNNVD: CNNVD-201703-681

SOURCES

db: VULHUB, id: VHN-112014
db: BID, id: 96912
db: JVNDB, id: JVNDB-2017-002455
db: CNNVD, id: CNNVD-201703-681
db: NVD, id: CVE-2017-3811

LAST UPDATE DATE

2024-11-23T22:34:41.038000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-112014, date: 2017-07-12T00:00:00
db: BID, id: 96912, date: 2017-03-16T01:02:00
db: JVNDB, id: JVNDB-2017-002455, date: 2017-04-14T00:00:00
db: CNNVD, id: CNNVD-201703-681, date: 2017-03-16T00:00:00
db: NVD, id: CVE-2017-3811, date: 2024-11-21T03:26:09.790

SOURCES RELEASE DATE

db: VULHUB, id: VHN-112014, date: 2017-03-17T00:00:00
db: BID, id: 96912, date: 2017-03-15T00:00:00
db: JVNDB, id: JVNDB-2017-002455, date: 2017-04-14T00:00:00
db: CNNVD, id: CNNVD-201703-681, date: 2017-03-16T00:00:00
db: NVD, id: CVE-2017-3811, date: 2017-03-17T22:59:00.157