Sign-up

ID

VAR-201710-0661


CVE

CVE-2017-12296


TITLE

Cisco WebEx Meetings Server Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-009374

DESCRIPTION

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf51241, CSCvf51261. Vendors have confirmed this vulnerability Bug ID CSCvf51241 and CSCvf51261 It is released as.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2017-12296 // JVNDB: JVNDB-2017-009374 // BID: 101489 // VULHUB: VHN-102804

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:2.8

Trust: 1.9

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7

Trust: 1.9

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6

Trust: 1.9

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope:neversion:2.8.1.1023

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:neversion:2.8.1.1019

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:neversion:2.7.1.3047

Trust: 0.3

sources: BID: 101489 // JVNDB: JVNDB-2017-009374 // CNNVD: CNNVD-201710-877 // NVD: CVE-2017-12296

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12296
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12296
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201710-877
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102804
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12296
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102804
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12296
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102804 // JVNDB: JVNDB-2017-009374 // CNNVD: CNNVD-201710-877 // NVD: CVE-2017-12296

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-102804 // JVNDB: JVNDB-2017-009374 // NVD: CVE-2017-12296

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-877

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201710-877

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009374

PATCH
title:cisco-sa-20171018-wms1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1
Trust: 0.8
title:Cisco WebEx Meetings Server Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75860
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-009374 // 
            
            
            
            CNNVD: CNNVD-201710-877

EXTERNAL IDS
db:NVDid:CVE-2017-12296
Trust: 2.8
db:BIDid:101489
Trust: 2.0
db:SECTRACKid:1039617
Trust: 1.7
db:JVNDBid:JVNDB-2017-009374
Trust: 0.8
db:CNNVDid:CNNVD-201710-877
Trust: 0.7
db:VULHUBid:VHN-102804
Trust: 0.1
sources:
            
            
            VULHUB: VHN-102804 // 
            
            
            
            BID: 101489 // 
            
            
            
            JVNDB: JVNDB-2017-009374 // 
            
            
            
            CNNVD: CNNVD-201710-877 // 
            
            
            
            NVD: CVE-2017-12296

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-wms1
Trust: 2.0
url:http://www.securityfocus.com/bid/101489
Trust: 1.7
url:http://www.securitytracker.com/id/1039617
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12296
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12296
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps12732/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-102804 // 
            
            
            
            BID: 101489 // 
            
            
            
            JVNDB: JVNDB-2017-009374 // 
            
            
            
            CNNVD: CNNVD-201710-877 // 
            
            
            
            NVD: CVE-2017-12296

CREDITS
Adam Willard of Blue Canopy.
Trust: 0.3
sources:
            
            
            BID: 101489

SOURCES
db:VULHUBid:VHN-102804
db:BIDid:101489
db:JVNDBid:JVNDB-2017-009374
db:CNNVDid:CNNVD-201710-877
db:NVDid:CVE-2017-12296

LAST UPDATE DATE
2024-11-23T21:53:40.774000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-102804date:2019-10-09T00:00:00
db:BIDid:101489date:2017-10-18T00:00:00
db:JVNDBid:JVNDB-2017-009374date:2017-11-09T00:00:00
db:CNNVDid:CNNVD-201710-877date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12296date:2024-11-21T03:09:15.250

SOURCES RELEASE DATE
db:VULHUBid:VHN-102804date:2017-10-19T00:00:00
db:BIDid:101489date:2017-10-18T00:00:00
db:JVNDBid:JVNDB-2017-009374date:2017-11-09T00:00:00
db:CNNVDid:CNNVD-201710-877date:2017-10-23T00:00:00
db:NVDid:CVE-2017-12296date:2017-10-19T08:29:00.653