Details of VAR-201710-0656

ID

VAR-201710-0656

CVE

CVE-2017-12286

TITLE

Cisco Jabber Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009446

DESCRIPTION

A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible. This vulnerability affects all releases of Cisco Jabber prior to Release 1.9.31. Cisco Bug IDs: CSCve52418. Vendors report this vulnerability Bug ID CSCve52418 Published as.Information may be obtained. The system provides functions such as voice, video, desktop sharing and conferencing

Trust: 1.98

sources: NVD: CVE-2017-12286 // JVNDB: JVNDB-2017-009446 // BID: 101515 // VULHUB: VHN-102793

AFFECTED PRODUCTS

vendor:	cisco	model:	jabber	scope:	eq	version:	1.9.30	Trust: 1.9
vendor:	cisco	model:	webex meeting center	scope:	eq	version:	1.9.26	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	lt	version:	1.9.31	Trust: 0.8
vendor:	cisco	model:	webex meeting center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meeting center wapi1.9.26	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	jabber	scope:	ne	version:	1.9.31	Trust: 0.3

sources: BID: 101515 // JVNDB: JVNDB-2017-009446 // CNNVD: CNNVD-201710-882 // NVD: CVE-2017-12286

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12286
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12286
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201710-882
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102793
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-12286
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102793
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12286
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102793 // JVNDB: JVNDB-2017-009446 // CNNVD: CNNVD-201710-882 // NVD: CVE-2017-12286

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-102793 // JVNDB: JVNDB-2017-009446 // NVD: CVE-2017-12286

THREAT TYPE

local

Trust: 0.9

sources: BID: 101515 // CNNVD: CNNVD-201710-882

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 101515 // CNNVD: CNNVD-201710-882

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009446

PATCH

title:	cisco-sa-20171018-jab1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1	Trust: 0.8
title:	Cisco Jabber Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75864	Trust: 0.6

sources: JVNDB: JVNDB-2017-009446 // CNNVD: CNNVD-201710-882

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12286	Trust: 2.8
db:	BID	id:	101515	Trust: 2.0
db:	SECTRACK	id:	1039625	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-009446	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-882	Trust: 0.7
db:	VULHUB	id:	VHN-102793	Trust: 0.1

sources: VULHUB: VHN-102793 // BID: 101515 // JVNDB: JVNDB-2017-009446 // CNNVD: CNNVD-201710-882 // NVD: CVE-2017-12286

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-jab1	Trust: 2.0
url:	http://www.securityfocus.com/bid/101515	Trust: 1.7
url:	http://www.securitytracker.com/id/1039625	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12286	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12286	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-102793 // BID: 101515 // JVNDB: JVNDB-2017-009446 // CNNVD: CNNVD-201710-882 // NVD: CVE-2017-12286

CREDITS

Cisco

Trust: 0.3

sources: BID: 101515

SOURCES

db:	VULHUB	id:	VHN-102793
db:	BID	id:	101515
db:	JVNDB	id:	JVNDB-2017-009446
db:	CNNVD	id:	CNNVD-201710-882
db:	NVD	id:	CVE-2017-12286

LAST UPDATE DATE

2024-11-23T22:48:54.127000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102793	date:	2019-10-09T00:00:00
db:	BID	id:	101515	date:	2017-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-009446	date:	2017-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201710-882	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12286	date:	2024-11-21T03:09:14.127

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102793	date:	2017-10-19T00:00:00
db:	BID	id:	101515	date:	2017-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-009446	date:	2017-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201710-882	date:	2017-10-23T00:00:00
db:	NVD	id:	CVE-2017-12286	date:	2017-10-19T08:29:00.497