Details of VAR-201710-0654

ID

VAR-201710-0654

CVE

CVE-2017-12284

TITLE

Windows For clients Cisco Jabber Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-009444

DESCRIPTION

A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanisms in the system. An attacker could exploit this vulnerability by issuing specific commands after authenticating to the system. A successful exploit could allow the attacker to view profile information where only certain parameters should be visible. Cisco Bug IDs: CSCve14401. Vendors have confirmed this vulnerability Bug ID CSCve14401 It is released as.Information may be obtained. The program provides online status display, instant messaging, voice and other functions

Trust: 1.98

sources: NVD: CVE-2017-12284 // JVNDB: JVNDB-2017-009444 // BID: 101501 // VULHUB: VHN-102791

AFFECTED PRODUCTS

vendor:	cisco	model:	jabber	scope:	eq	version:	11.8\(.4\)	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	jabber for windows	scope:	eq	version:	11.8(4)	Trust: 0.3
vendor:	cisco	model:	jabber for windows	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber for windows	scope:	ne	version:	11.8(4.52954)	Trust: 0.3

sources: BID: 101501 // JVNDB: JVNDB-2017-009444 // CNNVD: CNNVD-201710-884 // NVD: CVE-2017-12284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12284
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12284
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201710-884
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102791
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-12284
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102791
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12284
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102791 // JVNDB: JVNDB-2017-009444 // CNNVD: CNNVD-201710-884 // NVD: CVE-2017-12284

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-102791 // JVNDB: JVNDB-2017-009444 // NVD: CVE-2017-12284

THREAT TYPE

local

Trust: 0.9

sources: BID: 101501 // CNNVD: CNNVD-201710-884

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201710-884

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009444

PATCH

title:	cisco-sa-20171018-jab	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab	Trust: 0.8
title:	Cisco Jabber for Windows Client Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75866	Trust: 0.6

sources: JVNDB: JVNDB-2017-009444 // CNNVD: CNNVD-201710-884

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12284	Trust: 2.8
db:	BID	id:	101501	Trust: 2.0
db:	SECTRACK	id:	1039624	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-009444	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-884	Trust: 0.7
db:	VULHUB	id:	VHN-102791	Trust: 0.1

sources: VULHUB: VHN-102791 // BID: 101501 // JVNDB: JVNDB-2017-009444 // CNNVD: CNNVD-201710-884 // NVD: CVE-2017-12284

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-jab	Trust: 2.0
url:	http://www.securityfocus.com/bid/101501	Trust: 1.7
url:	http://www.securitytracker.com/id/1039624	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12284	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12284	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-102791 // BID: 101501 // JVNDB: JVNDB-2017-009444 // CNNVD: CNNVD-201710-884 // NVD: CVE-2017-12284

CREDITS

Cisco

Trust: 0.3

sources: BID: 101501

SOURCES

db:	VULHUB	id:	VHN-102791
db:	BID	id:	101501
db:	JVNDB	id:	JVNDB-2017-009444
db:	CNNVD	id:	CNNVD-201710-884
db:	NVD	id:	CVE-2017-12284

LAST UPDATE DATE

2024-11-23T22:17:47.272000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102791	date:	2019-10-09T00:00:00
db:	BID	id:	101501	date:	2017-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-009444	date:	2017-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201710-884	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12284	date:	2024-11-21T03:09:13.897

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102791	date:	2017-10-19T00:00:00
db:	BID	id:	101501	date:	2017-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-009444	date:	2017-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201710-884	date:	2017-10-23T00:00:00
db:	NVD	id:	CVE-2017-12284	date:	2017-10-19T08:29:00.420