Details of VAR-201710-0636

ID

VAR-201710-0636

CVE

CVE-2017-12257

TITLE

Cisco WebEx Meetings Server Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-008858

DESCRIPTION

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608. Vendors have confirmed this vulnerability Bug ID CSCve96608 It is released as.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2017-12257 // JVNDB: JVNDB-2017-008858 // BID: 101167 // VULHUB: VHN-102761

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.8	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	ne	version:	2.8.1.1023	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	ne	version:	2.8.1.1019	Trust: 0.3

sources: BID: 101167 // JVNDB: JVNDB-2017-008858 // CNNVD: CNNVD-201710-057 // NVD: CVE-2017-12257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12257
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12257
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201710-057
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102761
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12257
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102761
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12257
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102761 // JVNDB: JVNDB-2017-008858 // CNNVD: CNNVD-201710-057 // NVD: CVE-2017-12257

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-102761 // JVNDB: JVNDB-2017-008858 // NVD: CVE-2017-12257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-057

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201710-057

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008858

PATCH

title:	cisco-sa-20171004-wms	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms	Trust: 0.8
title:	Cisco WebEx Meetings Server Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75272	Trust: 0.6

sources: JVNDB: JVNDB-2017-008858 // CNNVD: CNNVD-201710-057

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12257	Trust: 2.8
db:	BID	id:	101167	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-008858	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-057	Trust: 0.7
db:	VULHUB	id:	VHN-102761	Trust: 0.1

sources: VULHUB: VHN-102761 // BID: 101167 // JVNDB: JVNDB-2017-008858 // CNNVD: CNNVD-201710-057 // NVD: CVE-2017-12257

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171004-wms	Trust: 2.0
url:	http://www.securityfocus.com/bid/101167	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12257	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12257	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps12732/index.html	Trust: 0.3

sources: VULHUB: VHN-102761 // BID: 101167 // JVNDB: JVNDB-2017-008858 // CNNVD: CNNVD-201710-057 // NVD: CVE-2017-12257

CREDITS

Ali Ardic

Trust: 0.3

sources: BID: 101167

SOURCES

db:	VULHUB	id:	VHN-102761
db:	BID	id:	101167
db:	JVNDB	id:	JVNDB-2017-008858
db:	CNNVD	id:	CNNVD-201710-057
db:	NVD	id:	CVE-2017-12257

LAST UPDATE DATE

2024-11-23T22:45:35.171000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102761	date:	2019-10-09T00:00:00
db:	BID	id:	101167	date:	2017-10-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-008858	date:	2017-10-30T00:00:00
db:	CNNVD	id:	CNNVD-201710-057	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12257	date:	2024-11-21T03:09:10.857

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102761	date:	2017-10-05T00:00:00
db:	BID	id:	101167	date:	2017-10-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-008858	date:	2017-10-30T00:00:00
db:	CNNVD	id:	CNNVD-201710-057	date:	2017-10-10T00:00:00
db:	NVD	id:	CVE-2017-12257	date:	2017-10-05T07:29:00.433