Details of VAR-201711-0358

ID

VAR-201711-0358

CVE

CVE-2017-12294

TITLE

Cisco WebEx Meetings Server Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-009824

DESCRIPTION

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf85562. Vendors have confirmed this vulnerability Bug ID CSCvf85562 It is released as.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2017-12294 // JVNDB: JVNDB-2017-009824 // BID: 101654 // VULHUB: VHN-102802

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	ne	version:	2.8.1.1034	Trust: 0.3

sources: BID: 101654 // JVNDB: JVNDB-2017-009824 // CNNVD: CNNVD-201711-069 // NVD: CVE-2017-12294

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12294
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12294
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-069
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102802
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-12294
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102802
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12294
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102802 // JVNDB: JVNDB-2017-009824 // CNNVD: CNNVD-201711-069 // NVD: CVE-2017-12294

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-102802 // JVNDB: JVNDB-2017-009824 // NVD: CVE-2017-12294

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-069

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201711-069

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009824

PATCH

title:	cisco-sa-20171101-webex1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex1	Trust: 0.8
title:	Cisco WebEx Meetings Server Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76074	Trust: 0.6

sources: JVNDB: JVNDB-2017-009824 // CNNVD: CNNVD-201711-069

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12294	Trust: 2.8
db:	BID	id:	101654	Trust: 2.0
db:	SECTRACK	id:	1039721	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-009824	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-069	Trust: 0.7
db:	VULHUB	id:	VHN-102802	Trust: 0.1

sources: VULHUB: VHN-102802 // BID: 101654 // JVNDB: JVNDB-2017-009824 // CNNVD: CNNVD-201711-069 // NVD: CVE-2017-12294

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171101-webex1	Trust: 2.0
url:	http://www.securityfocus.com/bid/101654	Trust: 1.7
url:	http://www.securitytracker.com/id/1039721	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12294	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12294	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps12732/index.html	Trust: 0.3

sources: VULHUB: VHN-102802 // BID: 101654 // JVNDB: JVNDB-2017-009824 // CNNVD: CNNVD-201711-069 // NVD: CVE-2017-12294

CREDITS

Adam Willard of Blue Canopy.

Trust: 0.3

sources: BID: 101654

SOURCES

db:	VULHUB	id:	VHN-102802
db:	BID	id:	101654
db:	JVNDB	id:	JVNDB-2017-009824
db:	CNNVD	id:	CNNVD-201711-069
db:	NVD	id:	CVE-2017-12294

LAST UPDATE DATE

2024-11-23T23:08:53.773000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102802	date:	2019-10-09T00:00:00
db:	BID	id:	101654	date:	2017-12-19T21:00:00
db:	JVNDB	id:	JVNDB-2017-009824	date:	2017-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201711-069	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12294	date:	2024-11-21T03:09:15.023

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102802	date:	2017-11-02T00:00:00
db:	BID	id:	101654	date:	2017-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-009824	date:	2017-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201711-069	date:	2017-11-03T00:00:00
db:	NVD	id:	CVE-2017-12294	date:	2017-11-02T16:29:00.707