ID

VAR-201711-0377


CVE

CVE-2017-12366


TITLE

Cisco WebEx Meeting Center Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-010232

DESCRIPTION

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635,, CSCvg52440. Vendors have confirmed this vulnerability Bug ID CSCvf78635 and CSCvg52440 It is released as.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2017-12366 // JVNDB: JVNDB-2017-010232 // BID: 101984 // VULHUB: VHN-102881

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope:eqversion:t32.6

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings t32.6scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: BID: 101984 // JVNDB: JVNDB-2017-010232 // CNNVD: CNNVD-201711-1200 // NVD: CVE-2017-12366

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12366
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12366
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-1200
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102881
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12366
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102881
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12366
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102881 // JVNDB: JVNDB-2017-010232 // CNNVD: CNNVD-201711-1200 // NVD: CVE-2017-12366

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-102881 // JVNDB: JVNDB-2017-010232 // NVD: CVE-2017-12366

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1200

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201711-1200

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010232

PATCH

title:cisco-sa-20171129-webex5url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5

Trust: 0.8

title:Cisco WebEx Meeting Center Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76819

Trust: 0.6

sources: JVNDB: JVNDB-2017-010232 // CNNVD: CNNVD-201711-1200

EXTERNAL IDS

db:NVDid:CVE-2017-12366

Trust: 2.8

db:BIDid:101984

Trust: 2.0

db:SECTRACKid:1039918

Trust: 1.7

db:JVNDBid:JVNDB-2017-010232

Trust: 0.8

db:CNNVDid:CNNVD-201711-1200

Trust: 0.7

db:VULHUBid:VHN-102881

Trust: 0.1

sources: VULHUB: VHN-102881 // BID: 101984 // JVNDB: JVNDB-2017-010232 // CNNVD: CNNVD-201711-1200 // NVD: CVE-2017-12366

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-webex5

Trust: 2.0

url:http://www.securityfocus.com/bid/101984

Trust: 1.7

url:http://www.securitytracker.com/id/1039918

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12366

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12366

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps12732/index.html

Trust: 0.3

sources: VULHUB: VHN-102881 // BID: 101984 // JVNDB: JVNDB-2017-010232 // CNNVD: CNNVD-201711-1200 // NVD: CVE-2017-12366

CREDITS

Adam Willard of Blue Canopy and Chacko K. Abraham

Trust: 0.3

sources: BID: 101984

SOURCES

db:VULHUBid:VHN-102881
db:BIDid:101984
db:JVNDBid:JVNDB-2017-010232
db:CNNVDid:CNNVD-201711-1200
db:NVDid:CVE-2017-12366

LAST UPDATE DATE

2024-11-23T23:02:19.636000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-102881date:2019-10-09T00:00:00
db:BIDid:101984date:2017-12-19T22:01:00
db:JVNDBid:JVNDB-2017-010232date:2017-12-07T00:00:00
db:CNNVDid:CNNVD-201711-1200date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12366date:2024-11-21T03:09:23.737

SOURCES RELEASE DATE

db:VULHUBid:VHN-102881date:2017-11-30T00:00:00
db:BIDid:101984date:2017-11-29T00:00:00
db:JVNDBid:JVNDB-2017-010232date:2017-12-07T00:00:00
db:CNNVDid:CNNVD-201711-1200date:2017-12-01T00:00:00
db:NVDid:CVE-2017-12366date:2017-11-30T09:29:01.527