ID

VAR-201703-0891


CVE

CVE-2017-3880


TITLE

Authentication bypass vulnerability in Cisco WebEx Meetings Server

Trust: 0.8

sources: JVNDB: JVNDB-2017-002465

DESCRIPTION

An authentication bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvd50728. Cisco WebEx Meetings Server (CWMS) is a multi-functional conferencing product in Cisco's WebEx conferencing line that combines audio, video and web conferencing. An authentication bypass vulnerability exists in CWMS

Trust: 1.98

sources: NVD: CVE-2017-3880 // JVNDB: JVNDB-2017-002465 // BID: 96918 // VULHUB: VHN-112083

AFFECTED PRODUCTS

vendor: cisco // model: webex meetings server // scope: eq // version: 2.7_mr1

Trust: 1.6

vendor: cisco // model: webex meetings server // scope: eq // version: 2.5_mr2

Trust: 1.6

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6_mr3

Trust: 1.6

vendor: cisco // model: webex meetings server // scope: eq // version: 2.5.99.2

Trust: 1.6

vendor: cisco // model: webex meetings server // scope: eq // version: 2.5_mr6

Trust: 1.6

vendor: cisco // model: webex meetings server // scope: eq // version: 2.5_mr5

Trust: 1.6

vendor: cisco // model: webex meetings server // scope: eq // version: 2.7.1

Trust: 1.6

vendor: cisco // model: webex meetings server // scope: eq // version: 2.7_base

Trust: 1.6

vendor: cisco // model: webex meetings server // scope: eq // version: 2.7

Trust: 1.1

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6

Trust: 1.1

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6.1.39

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.7_mr2

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.5_base

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.5.1.29

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6_mr2

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6_mr1

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.5_mr4

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.5_mr3

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.5.1.5

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.5_mr1

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.6.0

Trust: 1.0

vendor: cisco // model: webex meetings server // scope: eq // version: 2.8

Trust: 0.8

vendor: cisco // model: webex meetings server // scope: eq // version: 2.5

Trust: 0.3

sources: BID: 96918 // JVNDB: JVNDB-2017-002465 // CNNVD: CNNVD-201703-841 // NVD: CVE-2017-3880

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3880
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3880
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-841
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112083
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3880
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-112083
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3880
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-112083 // JVNDB: JVNDB-2017-002465 // CNNVD: CNNVD-201703-841 // NVD: CVE-2017-3880

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-112083 // JVNDB: JVNDB-2017-002465 // NVD: CVE-2017-3880

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-841

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201703-841

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002465

PATCH

title: cisco-sa-20170315-webex // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-webex

Trust: 0.8

title: Cisco WebEx Meetings Server Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68604

Trust: 0.6

sources: JVNDB: JVNDB-2017-002465 // CNNVD: CNNVD-201703-841

EXTERNAL IDS

db: NVD // id: CVE-2017-3880

Trust: 2.8

db: BID // id: 96918

Trust: 1.4

db: SECTRACK // id: 1038040

Trust: 1.1

db: JVNDB // id: JVNDB-2017-002465

Trust: 0.8

db: CNNVD // id: CNNVD-201703-841

Trust: 0.7

db: VULHUB // id: VHN-112083

Trust: 0.1

sources: VULHUB: VHN-112083 // BID: 96918 // JVNDB: JVNDB-2017-002465 // CNNVD: CNNVD-201703-841 // NVD: CVE-2017-3880

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-webex

Trust: 2.0

url:http://www.securityfocus.com/bid/96918

Trust: 1.1

url:http://www.securitytracker.com/id/1038040

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3880

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3880

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-112083 // BID: 96918 // JVNDB: JVNDB-2017-002465 // CNNVD: CNNVD-201703-841 // NVD: CVE-2017-3880

CREDITS

Cisco

Trust: 0.3

sources: BID: 96918

SOURCES

db: VULHUB // id: VHN-112083
db: BID // id: 96918
db: JVNDB // id: JVNDB-2017-002465
db: CNNVD // id: CNNVD-201703-841
db: NVD // id: CVE-2017-3880

LAST UPDATE DATE

2024-11-23T22:26:51.617000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-112083 // date: 2017-07-12T00:00:00
db: BID // id: 96918 // date: 2017-03-16T08:02:00
db: JVNDB // id: JVNDB-2017-002465 // date: 2017-04-14T00:00:00
db: CNNVD // id: CNNVD-201703-841 // date: 2017-03-21T00:00:00
db: NVD // id: CVE-2017-3880 // date: 2024-11-21T03:26:18.213

SOURCES RELEASE DATE

db: VULHUB // id: VHN-112083 // date: 2017-03-17T00:00:00
db: BID // id: 96918 // date: 2017-03-15T00:00:00
db: JVNDB // id: JVNDB-2017-002465 // date: 2017-04-14T00:00:00
db: CNNVD // id: CNNVD-201703-841 // date: 2017-03-21T00:00:00
db: NVD // id: CVE-2017-3880 // date: 2017-03-17T22:59:00.610