Sign-up

ID

VAR-201710-0660


CVE

CVE-2017-12293


TITLE

Cisco WebEx Meetings Server Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009373

DESCRIPTION

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this vulnerability by opening multiple connections to the server and exhausting server resources. A successful exploit could cause the server to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf41006. Cisco WebEx Meetings Server Contains buffer error vulnerabilities and resource exhaustion vulnerabilities. Vendors have confirmed this vulnerability Bug ID CSCvf41006 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2017-12293 // JVNDB: JVNDB-2017-009373 // BID: 101492 // VULHUB: VHN-102801

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7

Trust: 1.9

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope:neversion:2.8.1.1034

Trust: 0.3

sources: BID: 101492 // JVNDB: JVNDB-2017-009373 // CNNVD: CNNVD-201710-878 // NVD: CVE-2017-12293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12293
value: HIGH

Trust: 1.0

NVD: CVE-2017-12293
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-878
value: HIGH

Trust: 0.6

VULHUB: VHN-102801
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12293
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102801
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12293
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102801 // JVNDB: JVNDB-2017-009373 // CNNVD: CNNVD-201710-878 // NVD: CVE-2017-12293

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:CWE-119

Trust: 1.1

sources: VULHUB: VHN-102801 // JVNDB: JVNDB-2017-009373 // NVD: CVE-2017-12293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-878

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201710-878

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009373

PATCH
title:cisco-sa-20171018-wmsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms
Trust: 0.8
title:Cisco WebEx Meetings Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75861
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-009373 // 
            
            
            
            CNNVD: CNNVD-201710-878

EXTERNAL IDS
db:NVDid:CVE-2017-12293
Trust: 2.8
db:BIDid:101492
Trust: 2.0
db:SECTRACKid:1039618
Trust: 1.7
db:JVNDBid:JVNDB-2017-009373
Trust: 0.8
db:CNNVDid:CNNVD-201710-878
Trust: 0.7
db:VULHUBid:VHN-102801
Trust: 0.1
sources:
            
            
            VULHUB: VHN-102801 // 
            
            
            
            BID: 101492 // 
            
            
            
            JVNDB: JVNDB-2017-009373 // 
            
            
            
            CNNVD: CNNVD-201710-878 // 
            
            
            
            NVD: CVE-2017-12293

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-wms
Trust: 2.0
url:http://www.securityfocus.com/bid/101492
Trust: 1.7
url:http://www.securitytracker.com/id/1039618
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12293
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12293
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-102801 // 
            
            
            
            BID: 101492 // 
            
            
            
            JVNDB: JVNDB-2017-009373 // 
            
            
            
            CNNVD: CNNVD-201710-878 // 
            
            
            
            NVD: CVE-2017-12293

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 101492

SOURCES
db:VULHUBid:VHN-102801
db:BIDid:101492
db:JVNDBid:JVNDB-2017-009373
db:CNNVDid:CNNVD-201710-878
db:NVDid:CVE-2017-12293

LAST UPDATE DATE
2024-11-23T23:12:22.681000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-102801date:2019-10-09T00:00:00
db:BIDid:101492date:2017-10-18T00:00:00
db:JVNDBid:JVNDB-2017-009373date:2017-11-09T00:00:00
db:CNNVDid:CNNVD-201710-878date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12293date:2024-11-21T03:09:14.910

SOURCES RELEASE DATE
db:VULHUBid:VHN-102801date:2017-10-19T00:00:00
db:BIDid:101492date:2017-10-18T00:00:00
db:JVNDBid:JVNDB-2017-009373date:2017-11-09T00:00:00
db:CNNVDid:CNNVD-201710-878date:2017-10-23T00:00:00
db:NVDid:CVE-2017-12293date:2017-10-19T08:29:00.623