Details of VAR-201711-0359

ID

VAR-201711-0359

CVE

CVE-2017-12295

TITLE

Cisco WebEx Meetings Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-009825

DESCRIPTION

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header reply from the Cisco WebEx Meetings Server to the client, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCve65818. Vendors have confirmed this vulnerability Bug ID CSCve65818 It is released as.Information may be obtained. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2017-12295 // JVNDB: JVNDB-2017-009825 // BID: 101651 // VULHUB: VHN-102803

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.8	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	ne	version:	2.8.1.1023	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	ne	version:	2.8.1.1019	Trust: 0.3

sources: BID: 101651 // JVNDB: JVNDB-2017-009825 // CNNVD: CNNVD-201711-068 // NVD: CVE-2017-12295

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12295
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12295
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-068
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102803
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12295
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102803
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12295
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102803 // JVNDB: JVNDB-2017-009825 // CNNVD: CNNVD-201711-068 // NVD: CVE-2017-12295

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-102803 // JVNDB: JVNDB-2017-009825 // NVD: CVE-2017-12295

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-068

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-068

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009825

PATCH

title:	cisco-sa-20171101-webex2	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex2	Trust: 0.8
title:	Cisco WebEx Meetings Server Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76073	Trust: 0.6

sources: JVNDB: JVNDB-2017-009825 // CNNVD: CNNVD-201711-068

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12295	Trust: 2.8
db:	BID	id:	101651	Trust: 2.0
db:	SECTRACK	id:	1039722	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-009825	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-068	Trust: 0.7
db:	VULHUB	id:	VHN-102803	Trust: 0.1

sources: VULHUB: VHN-102803 // BID: 101651 // JVNDB: JVNDB-2017-009825 // CNNVD: CNNVD-201711-068 // NVD: CVE-2017-12295

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171101-webex2	Trust: 2.0
url:	http://www.securityfocus.com/bid/101651	Trust: 1.7
url:	http://www.securitytracker.com/id/1039722	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12295	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12295	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-102803 // BID: 101651 // JVNDB: JVNDB-2017-009825 // CNNVD: CNNVD-201711-068 // NVD: CVE-2017-12295

CREDITS

Cisco

Trust: 0.3

sources: BID: 101651

SOURCES

db:	VULHUB	id:	VHN-102803
db:	BID	id:	101651
db:	JVNDB	id:	JVNDB-2017-009825
db:	CNNVD	id:	CNNVD-201711-068
db:	NVD	id:	CVE-2017-12295

LAST UPDATE DATE

2024-11-23T22:52:19.734000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102803	date:	2019-10-09T00:00:00
db:	BID	id:	101651	date:	2017-12-19T21:00:00
db:	JVNDB	id:	JVNDB-2017-009825	date:	2017-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201711-068	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12295	date:	2024-11-21T03:09:15.133

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102803	date:	2017-11-02T00:00:00
db:	BID	id:	101651	date:	2017-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-009825	date:	2017-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201711-068	date:	2017-11-03T00:00:00
db:	NVD	id:	CVE-2017-12295	date:	2017-11-02T16:29:00.740