CVE-2017-3823

EPSS 79.24%
Published 01.02.2017 11:59:00
Last modified 20.04.2025 01:37:25
Source psirt@cisco.com
Teams watchlist Login
Open Login

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Activetouch General Plugin Container Version105 SwPlatformfirefox

Cisco ≫ Download Manager Version2.1.0.9 SwPlatforminternet_explorer

Cisco ≫ Gpccontainer Class SwPlatforminternet_explorer Version <= 10031.6.2017.0125

Cisco ≫ Webex SwPlatformchrome Version <= 1.0.6

Cisco ≫ Webex Meetings Server Version2.0_base

Cisco ≫ Webex Meetings Server Version2.0_mr2

Cisco ≫ Webex Meetings Server Version2.0_mr3

Cisco ≫ Webex Meetings Server Version2.0_mr4

Cisco ≫ Webex Meetings Server Version2.0_mr5

Cisco ≫ Webex Meetings Server Version2.0_mr6

Cisco ≫ Webex Meetings Server Version2.0_mr7

Cisco ≫ Webex Meetings Server Version2.0_mr8

Cisco ≫ Webex Meetings Server Version2.0_mr8 Updatep1

Cisco ≫ Webex Meetings Server Version2.0_mr9

Cisco ≫ Webex Meetings Server Version2.0_mr9 Updatep1

Cisco ≫ Webex Meetings Server Version2.0_mr9 Updatep2

Cisco ≫ Webex Meetings Server Version2.0_mr9 Updatep3

Cisco ≫ Webex Meetings Server Version2.5_base

Cisco ≫ Webex Meetings Server Version2.5_mr1

Cisco ≫ Webex Meetings Server Version2.5_mr2

Cisco ≫ Webex Meetings Server Version2.5_mr2 Updatep1

Cisco ≫ Webex Meetings Server Version2.5_mr3

Cisco ≫ Webex Meetings Server Version2.5_mr4

Cisco ≫ Webex Meetings Server Version2.5_mr5

Cisco ≫ Webex Meetings Server Version2.5_mr5 Updatep1

Cisco ≫ Webex Meetings Server Version2.5_mr6

Cisco ≫ Webex Meetings Server Version2.5_mr6 Updatep1

Cisco ≫ Webex Meetings Server Version2.5_mr6 Updatep2

Cisco ≫ Webex Meetings Server Version2.5_mr6 Updatep3

Cisco ≫ Webex Meetings Server Version2.6_base

Cisco ≫ Webex Meetings Server Version2.6_mr1

Cisco ≫ Webex Meetings Server Version2.6_mr1 Updatep1

Cisco ≫ Webex Meetings Server Version2.6_mr2

Cisco ≫ Webex Meetings Server Version2.6_mr2 Updatep1

Cisco ≫ Webex Meetings Server Version2.6_mr3

Cisco ≫ Webex Meetings Server Version2.6_mr3 Updatep1

Cisco ≫ Webex Meetings Server Version2.7_base

Cisco ≫ Webex Meetings Server Version2.7_mr1

Cisco ≫ Webex Meetings Server Version2.7_mr1 Updatep1

Cisco ≫ Webex Meetings Server Version2.7_mr2

Cisco ≫ Webex Meeting Center Version2.6_base

Cisco ≫ Webex Meeting Center Version2.6_mr1

Cisco ≫ Webex Meeting Center Version2.6_mr1 Updatep1

Cisco ≫ Webex Meeting Center Version2.6_mr2

Cisco ≫ Webex Meeting Center Version2.6_mr2 Updatep1

Cisco ≫ Webex Meeting Center Version2.6_mr3

Cisco ≫ Webex Meeting Center Version2.6_mr3 Updatep1

Cisco ≫ Webex Meeting Center Version2.7_base

Cisco ≫ Webex Meeting Center Version2.7_mr1

Cisco ≫ Webex Meeting Center Version2.7_mr1 Updatep1

Cisco ≫ Webex Meeting Center Version2.7_mr2

Cisco ≫ Webex Meeting Center Versiont29_base

Cisco ≫ Webex Meeting Center Versiont30_base

Cisco ≫ Webex Meeting Center Versiont31_base

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	79.24%	0.99

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/95737

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037680

https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html

https://blog.filippo.io/webex-extension-vulnerability/

https://bugs.chromium.org/p/project-zero/issues/detail?id=1096

Third Party Advisory

Technical Description

https://bugs.chromium.org/p/project-zero/issues/detail?id=1100

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

Vendor Advisory

https://www.kb.cert.org/vuls/id/909240

https://nvd.nist.gov/vuln/detail/CVE-2017-3823

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3823

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3823

EUVD