5

CVE-2017-12297

A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoWebex Meeting Center Versiont30 Updatesp7
CiscoWebex Meeting Center Versiont30 Updatesp8
CiscoWebex Meeting Center Versiont30 Updatesp9
CiscoWebex Meeting Center Versiont31 Updatesp8
CiscoWebex Meeting Center Versiont31 Updatesp9
CiscoWebex Meeting Center Versiont32
CiscoWebex Meeting Center Versiont32.3
CiscoWebex Meeting Center Versiont32.4
CiscoWebex Meeting Center Versiont32.6
CiscoWebex Meeting Center Versiont32.7
CiscoWebex Meeting Center Versiont32.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.439
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 3.1 1.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/101985
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039919
Third Party Advisory
VDB Entry