Sign-up

ID

VAR-201711-0372


CVE

CVE-2017-12361


TITLE

Cisco Jabber Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-010411

DESCRIPTION

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber for Windows handles random number generation for file folders. An attacker could exploit the vulnerability by fixing the random number data used to establish Secure Sockets Layer (SSL) connections between clients. An exploit could allow the attacker to decrypt secure communications made by the Cisco Jabber for Windows client. Cisco Bug IDs: CSCve44806. Vendors have confirmed this vulnerability Bug ID CSCve44806 It is released as.Information may be obtained. The program provides online status display, instant messaging, voice and other functions

Trust: 2.07

sources: NVD: CVE-2017-12361 // JVNDB: JVNDB-2017-010411 // BID: 101994 // VULHUB: VHN-102876 // VULMON: CVE-2017-12361

AFFECTED PRODUCTS

vendor:ciscomodel:jabberscope:eqversion:11.8\(1\)

Trust: 1.6

vendor:ciscomodel:jabberscope:eqversion:11.8\(3\)

Trust: 1.6

vendor:ciscomodel:jabberscope:eqversion:11.8\(0\)

Trust: 1.6

vendor:ciscomodel:jabberscope:eqversion:11.8\(2\)

Trust: 1.6

vendor:ciscomodel:jabberscope: - version: -

Trust: 0.8

vendor:ciscomodel:jabber for windowsscope:eqversion:11.8(3)

Trust: 0.3

vendor:ciscomodel:jabber for windowsscope:eqversion:11.8(2)

Trust: 0.3

vendor:ciscomodel:jabber for windowsscope:eqversion:11.8(1)

Trust: 0.3

vendor:ciscomodel:jabber for windowsscope:eqversion:11.8(0)

Trust: 0.3

vendor:ciscomodel:jabber for windowsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:jabber for windowsscope:neversion:11.9(0.54450)

Trust: 0.3

sources: BID: 101994 // JVNDB: JVNDB-2017-010411 // CNNVD: CNNVD-201711-1205 // NVD: CVE-2017-12361

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12361
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12361
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-1205
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102876
value: LOW

Trust: 0.1

VULMON: CVE-2017-12361
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-12361
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-102876
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12361
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102876 // VULMON: CVE-2017-12361 // JVNDB: JVNDB-2017-010411 // CNNVD: CNNVD-201711-1205 // NVD: CVE-2017-12361

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-330

Trust: 1.1

sources: VULHUB: VHN-102876 // JVNDB: JVNDB-2017-010411 // NVD: CVE-2017-12361

THREAT TYPE

local

Trust: 0.9

sources: BID: 101994 // CNNVD: CNNVD-201711-1205

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201711-1205

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010411

PATCH
title:cisco-sa-20171129-jabber2url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber2
Trust: 0.8
title:Cisco Jabber for Windows Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76824
Trust: 0.6
title:Cisco: Cisco Jabber Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20171129-jabber2
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-12361 // 
            
            
            
            JVNDB: JVNDB-2017-010411 // 
            
            
            
            CNNVD: CNNVD-201711-1205

EXTERNAL IDS
db:NVDid:CVE-2017-12361
Trust: 2.9
db:BIDid:101994
Trust: 2.1
db:SECTRACKid:1039915
Trust: 1.8
db:JVNDBid:JVNDB-2017-010411
Trust: 0.8
db:CNNVDid:CNNVD-201711-1205
Trust: 0.7
db:VULHUBid:VHN-102876
Trust: 0.1
db:VULMONid:CVE-2017-12361
Trust: 0.1
sources:
            
            
            VULHUB: VHN-102876 // 
            
            
            
            VULMON: CVE-2017-12361 // 
            
            
            
            BID: 101994 // 
            
            
            
            JVNDB: JVNDB-2017-010411 // 
            
            
            
            CNNVD: CNNVD-201711-1205 // 
            
            
            
            NVD: CVE-2017-12361

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-jabber2
Trust: 2.2
url:http://www.securityfocus.com/bid/101994
Trust: 1.8
url:http://www.securitytracker.com/id/1039915
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12361
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12361
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/330.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-102876 // 
            
            
            
            VULMON: CVE-2017-12361 // 
            
            
            
            BID: 101994 // 
            
            
            
            JVNDB: JVNDB-2017-010411 // 
            
            
            
            CNNVD: CNNVD-201711-1205 // 
            
            
            
            NVD: CVE-2017-12361

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 101994

SOURCES
db:VULHUBid:VHN-102876
db:VULMONid:CVE-2017-12361
db:BIDid:101994
db:JVNDBid:JVNDB-2017-010411
db:CNNVDid:CNNVD-201711-1205
db:NVDid:CVE-2017-12361

LAST UPDATE DATE
2024-11-23T22:00:49.325000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-102876date:2019-10-09T00:00:00
db:VULMONid:CVE-2017-12361date:2019-09-10T00:00:00
db:BIDid:101994date:2017-12-19T22:01:00
db:JVNDBid:JVNDB-2017-010411date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-1205date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12361date:2024-11-21T03:09:23.073

SOURCES RELEASE DATE
db:VULHUBid:VHN-102876date:2017-11-30T00:00:00
db:VULMONid:CVE-2017-12361date:2017-11-30T00:00:00
db:BIDid:101994date:2017-11-29T00:00:00
db:JVNDBid:JVNDB-2017-010411date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-1205date:2017-12-01T00:00:00
db:NVDid:CVE-2017-12361date:2017-11-30T09:29:01.353