Details of VAR-201707-0956

ID

VAR-201707-0956

CVE

CVE-2017-6753

TITLE

plural Cisco WebEx Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006452

DESCRIPTION

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037. plural Cisco WebEx The product contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvf15012 , CSCvf15020 , CSCvf15030 , CSCvf15033 , CSCvf15036 ,and CSCvf15037 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Chrome for Windows is a Windows-based web browser developed by Google (Google). Mozilla Firefox for Windows is an open source web browser based on the Windows platform from the Mozilla Foundation of the United States

Trust: 1.98

sources: NVD: CVE-2017-6753 // JVNDB: JVNDB-2017-006452 // BID: 99614 // VULHUB: VHN-114956

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings	scope:	eq	version:	t30_base	Trust: 1.6
vendor:	cisco	model:	webex meetings server 2.5 mr6 patch	scope:	eq	version:	1	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6.1.39	Trust: 1.6
vendor:	cisco	model:	webex event center	scope:	eq	version:	t31_base	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5.1.29	Trust: 1.6
vendor:	cisco	model:	webex meetings server 2.5	scope:	eq	version:	mr1	Trust: 1.6
vendor:	cisco	model:	webex meetings server 2.7 mr1 patch	scope:	eq	version:	1	Trust: 1.6
vendor:	cisco	model:	webex meetings server 2.0 mr9 patch	scope:	eq	version:	1	Trust: 1.6
vendor:	cisco	model:	webex meetings server 2.5	scope:	eq	version:	mr5	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.8_base	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5.99.2	Trust: 1.0
vendor:	cisco	model:	webex meeting center	scope:	eq	version:	t31_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.5_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.7 mr2 patch	scope:	eq	version:	1	Trust: 1.0
vendor:	cisco	model:	webex training center	scope:	eq	version:	t31_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.0 mr9 patch	scope:	eq	version:	3	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.0	scope:	eq	version:	mr9	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.5 mr2 patch	scope:	eq	version:	1	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.0	scope:	eq	version:	mr5	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.0.1.107	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.0_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.7.1	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.7_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.6	scope:	eq	version:	mr2	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.0	scope:	eq	version:	mr8	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.5.1.6	Trust: 1.0
vendor:	cisco	model:	webex meeting center	scope:	eq	version:	t30_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5.1.5	Trust: 1.0
vendor:	cisco	model:	webex training center	scope:	eq	version:	t30_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.1_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.6	scope:	eq	version:	mr1	Trust: 1.0
vendor:	cisco	model:	webex meeting center	scope:	eq	version:	t32_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.6 mr1 patch	scope:	eq	version:	1	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.6 mr3 patch	scope:	eq	version:	1	Trust: 1.0
vendor:	cisco	model:	webex training center	scope:	eq	version:	t32_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.0 mr8 patch	scope:	eq	version:	1	Trust: 1.0
vendor:	cisco	model:	webex support center	scope:	eq	version:	t31_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.6 mr3 patch	scope:	eq	version:	2	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.0 mr9 patch	scope:	eq	version:	2	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.5 mr6 patch	scope:	eq	version:	3	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.0	scope:	eq	version:	mr6	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.0	scope:	eq	version:	mr2	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.0	scope:	eq	version:	mr7	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.5	scope:	eq	version:	mr2	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.6	scope:	eq	version:	mr3	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.7	scope:	eq	version:	mr1	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.5	scope:	eq	version:	mr6	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.6 mr2 patch	scope:	eq	version:	1	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.0	scope:	eq	version:	mr4	Trust: 1.0
vendor:	cisco	model:	webex support center	scope:	eq	version:	t30_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.5 mr6 patch	scope:	eq	version:	4	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.5	scope:	eq	version:	mr4	Trust: 1.0
vendor:	cisco	model:	webex event center	scope:	eq	version:	t30_base	Trust: 1.0
vendor:	cisco	model:	webex event center	scope:	eq	version:	t32_base	Trust: 1.0
vendor:	cisco	model:	webex support center	scope:	eq	version:	t32_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.5 mr6 patch	scope:	eq	version:	2	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.0	scope:	eq	version:	mr3	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6.0	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.5 mr5 patch	scope:	eq	version:	1	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.7	scope:	eq	version:	mr2	Trust: 1.0
vendor:	cisco	model:	webex meetings server 2.5	scope:	eq	version:	mr3	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.5.1.131	Trust: 1.0
vendor:	cisco	model:	webex event center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meeting center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meetings	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex support center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex training center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meetings server t29 orion merge	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.8	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.7	Trust: 0.3
vendor:	cisco	model:	webex meetings t32	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings t31	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings t30	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings t29	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex extension	scope:	eq	version:	1.0.9	Trust: 0.3
vendor:	cisco	model:	webex extension	scope:	eq	version:	1.0.5	Trust: 0.3
vendor:	cisco	model:	webex extension	scope:	eq	version:	1.0.3	Trust: 0.3
vendor:	cisco	model:	webex extension	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	cisco	model:	webex extension	scope:	ne	version:	1.0.12	Trust: 0.3

sources: BID: 99614 // JVNDB: JVNDB-2017-006452 // CNNVD: CNNVD-201707-864 // NVD: CVE-2017-6753

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6753
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6753
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201707-864
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114956
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6753
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114956
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6753
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114956 // JVNDB: JVNDB-2017-006452 // CNNVD: CNNVD-201707-864 // NVD: CVE-2017-6753

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-114956 // JVNDB: JVNDB-2017-006452 // NVD: CVE-2017-6753

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-864

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201707-864

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006452

PATCH

title:	cisco-sa-20170717-webex	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex	Trust: 0.8
title:	Google Chrome and Mozilla firefox for Windows Cisco WebEx Browser Extension Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71852	Trust: 0.6

sources: JVNDB: JVNDB-2017-006452 // CNNVD: CNNVD-201707-864

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6753	Trust: 2.8
db:	BID	id:	99614	Trust: 2.0
db:	SECTRACK	id:	1038911	Trust: 1.7
db:	SECTRACK	id:	1038910	Trust: 1.7
db:	SECTRACK	id:	1038909	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-006452	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-864	Trust: 0.7
db:	VULHUB	id:	VHN-114956	Trust: 0.1

sources: VULHUB: VHN-114956 // BID: 99614 // JVNDB: JVNDB-2017-006452 // CNNVD: CNNVD-201707-864 // NVD: CVE-2017-6753

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170717-webex	Trust: 2.0
url:	http://www.securityfocus.com/bid/99614	Trust: 1.7
url:	http://www.securitytracker.com/id/1038909	Trust: 1.7
url:	http://www.securitytracker.com/id/1038910	Trust: 1.7
url:	http://www.securitytracker.com/id/1038911	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6753	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6753	Trust: 0.8
url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=1324&can=1&q=&sort=-id&colspec=id%20status%20owner%20summary%20modified%20cve&desc=2	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114956 // BID: 99614 // JVNDB: JVNDB-2017-006452 // CNNVD: CNNVD-201707-864 // NVD: CVE-2017-6753

CREDITS

Tavis Ormandy of Google Project Zero and Cris Neckar of Divergent Security.

Trust: 0.9

sources: BID: 99614 // CNNVD: CNNVD-201707-864

SOURCES

db:	VULHUB	id:	VHN-114956
db:	BID	id:	99614
db:	JVNDB	id:	JVNDB-2017-006452
db:	CNNVD	id:	CNNVD-201707-864
db:	NVD	id:	CVE-2017-6753

LAST UPDATE DATE

2024-11-23T23:12:25.355000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114956	date:	2019-10-09T00:00:00
db:	BID	id:	99614	date:	2017-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-006452	date:	2017-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201707-864	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-6753	date:	2024-11-21T03:30:27.107

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114956	date:	2017-07-25T00:00:00
db:	BID	id:	99614	date:	2017-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-006452	date:	2017-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201707-864	date:	2017-07-19T00:00:00
db:	NVD	id:	CVE-2017-6753	date:	2017-07-25T19:29:00.397