Details of VAR-201710-0662

ID

VAR-201710-0662

CVE

CVE-2017-12298

TITLE

Cisco WebEx Meeting Center Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-009375

DESCRIPTION

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78615, CSCvf78628. Vendors have confirmed this vulnerability Bug ID CSCvf78615 and CSCvf78628 It is released as.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2017-12298 // JVNDB: JVNDB-2017-009375 // BID: 101491 // VULHUB: VHN-102806

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meeting center	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	webex meeting center	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	webex meeting center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 101491 // JVNDB: JVNDB-2017-009375 // CNNVD: CNNVD-201710-876 // NVD: CVE-2017-12298

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12298
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12298
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201710-876
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102806
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12298
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102806
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12298
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102806 // JVNDB: JVNDB-2017-009375 // CNNVD: CNNVD-201710-876 // NVD: CVE-2017-12298

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-102806 // JVNDB: JVNDB-2017-009375 // NVD: CVE-2017-12298

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-876

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201710-876

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009375

PATCH

title:	cisco-sa-20171018-wmc1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1	Trust: 0.8
title:	Cisco WebEx Meeting Center Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75859	Trust: 0.6

sources: JVNDB: JVNDB-2017-009375 // CNNVD: CNNVD-201710-876

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12298	Trust: 2.8
db:	BID	id:	101491	Trust: 2.0
db:	SECTRACK	id:	1039619	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-009375	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-876	Trust: 0.7
db:	VULHUB	id:	VHN-102806	Trust: 0.1

sources: VULHUB: VHN-102806 // BID: 101491 // JVNDB: JVNDB-2017-009375 // CNNVD: CNNVD-201710-876 // NVD: CVE-2017-12298

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-wmc1	Trust: 2.0
url:	http://www.securityfocus.com/bid/101491	Trust: 1.7
url:	http://www.securitytracker.com/id/1039619	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12298	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12298	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps12732/index.html	Trust: 0.3

sources: VULHUB: VHN-102806 // BID: 101491 // JVNDB: JVNDB-2017-009375 // CNNVD: CNNVD-201710-876 // NVD: CVE-2017-12298

CREDITS

Adam Willard of Blue Canopy.

Trust: 0.3

sources: BID: 101491

SOURCES

db:	VULHUB	id:	VHN-102806
db:	BID	id:	101491
db:	JVNDB	id:	JVNDB-2017-009375
db:	CNNVD	id:	CNNVD-201710-876
db:	NVD	id:	CVE-2017-12298

LAST UPDATE DATE

2024-11-23T22:26:37.259000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102806	date:	2019-10-09T00:00:00
db:	BID	id:	101491	date:	2017-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-009375	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201710-876	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12298	date:	2024-11-21T03:09:15.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102806	date:	2017-10-19T00:00:00
db:	BID	id:	101491	date:	2017-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-009375	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201710-876	date:	2017-10-23T00:00:00
db:	NVD	id:	CVE-2017-12298	date:	2017-10-19T08:29:00.700