ID

VAR-201711-0374


CVE

CVE-2017-12363


TITLE

Cisco WebEx Meetings Server Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-010231

DESCRIPTION

A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could allow the attacker to modify the welcome message of any known meeting. Cisco Bug IDs: CSCvf68695. Cisco WebEx Meetings Server Contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCvf68695 It is released as.Information may be tampered with. Attackers can exploit this issue to bypass certain security restrictions to gain unauthorized access. This may aid in further attacks. Cisco WebEx Meeting Server is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2017-12363 // JVNDB: JVNDB-2017-010231 // BID: 102000 // VULHUB: VHN-102878

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:2.7

Trust: 1.9

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6.0.8

Trust: 1.9

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

sources: BID: 102000 // JVNDB: JVNDB-2017-010231 // CNNVD: CNNVD-201711-1203 // NVD: CVE-2017-12363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12363
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12363
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-1203
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102878
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12363
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102878
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12363
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102878 // JVNDB: JVNDB-2017-010231 // CNNVD: CNNVD-201711-1203 // NVD: CVE-2017-12363

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-668

Trust: 1.1

sources: VULHUB: VHN-102878 // JVNDB: JVNDB-2017-010231 // NVD: CVE-2017-12363

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1203

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-1203

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010231

PATCH

title:cisco-sa-20171129-webex3url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex3

Trust: 0.8

title:Cisco WebEx Meeting Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76822

Trust: 0.6

sources: JVNDB: JVNDB-2017-010231 // CNNVD: CNNVD-201711-1203

EXTERNAL IDS

db:NVDid:CVE-2017-12363

Trust: 2.8

db:BIDid:102000

Trust: 2.0

db:SECTRACKid:1039921

Trust: 1.7

db:JVNDBid:JVNDB-2017-010231

Trust: 0.8

db:CNNVDid:CNNVD-201711-1203

Trust: 0.7

db:VULHUBid:VHN-102878

Trust: 0.1

sources: VULHUB: VHN-102878 // BID: 102000 // JVNDB: JVNDB-2017-010231 // CNNVD: CNNVD-201711-1203 // NVD: CVE-2017-12363

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-webex3

Trust: 2.0

url:http://www.securityfocus.com/bid/102000

Trust: 1.7

url:http://www.securitytracker.com/id/1039921

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12363

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12363

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-102878 // BID: 102000 // JVNDB: JVNDB-2017-010231 // CNNVD: CNNVD-201711-1203 // NVD: CVE-2017-12363

CREDITS

Adam Willard of Blue Canopy

Trust: 0.3

sources: BID: 102000

SOURCES

db:VULHUBid:VHN-102878
db:BIDid:102000
db:JVNDBid:JVNDB-2017-010231
db:CNNVDid:CNNVD-201711-1203
db:NVDid:CVE-2017-12363

LAST UPDATE DATE

2024-11-23T21:53:38.296000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-102878date:2019-10-09T00:00:00
db:BIDid:102000date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2017-010231date:2017-12-07T00:00:00
db:CNNVDid:CNNVD-201711-1203date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12363date:2024-11-21T03:09:23.323

SOURCES RELEASE DATE

db:VULHUBid:VHN-102878date:2017-11-30T00:00:00
db:BIDid:102000date:2017-11-29T00:00:00
db:JVNDBid:JVNDB-2017-010231date:2017-12-07T00:00:00
db:CNNVDid:CNNVD-201711-1203date:2017-12-01T00:00:00
db:NVDid:CVE-2017-12363date:2017-11-30T09:29:01.417