CVE-2017-12297

Published: Nov 30, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-3870 Aliases: GSD-2017-12297
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,0
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: changed
Confidentiality: none
Integrity: low
Availability: none
MEDIUM 4,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: none
Integrity: partial
Availability: none

Description

AI Translation Available

A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a 'URL Redirection Vulnerability.' The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0024
Percentile
0,5th
Updated

EPSS Score Trend (Last 91 Days)

20

Improper Input Validation

Stable
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Confidentiality Integrity
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Memory Read Files Or Directories Modify Memory Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
Application

Webex Meeting Center by Cisco

Product Information
Vendor Cisco
Product Webex Meeting Center
Version t30
cpe:2.3:a:cisco:webex_meeting_center:t30:sp8:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webex Meeting Center by Cisco

Product Information
Vendor Cisco
Product Webex Meeting Center
Version t32.8
cpe:2.3:a:cisco:webex_meeting_center:t32.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webex Meeting Center by Cisco

Product Information
Vendor Cisco
Product Webex Meeting Center
Version t32
cpe:2.3:a:cisco:webex_meeting_center:t32:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webex Meeting Center by Cisco

Product Information
Vendor Cisco
Product Webex Meeting Center
Version t31
cpe:2.3:a:cisco:webex_meeting_center:t31:sp9:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webex Meeting Center by Cisco

Product Information
Vendor Cisco
Product Webex Meeting Center
Version t32.3
cpe:2.3:a:cisco:webex_meeting_center:t32.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webex Meeting Center by Cisco

Product Information
Vendor Cisco
Product Webex Meeting Center
Version t30
cpe:2.3:a:cisco:webex_meeting_center:t30:sp9:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webex Meeting Center by Cisco

Product Information
Vendor Cisco
Product Webex Meeting Center
Version t32.4
cpe:2.3:a:cisco:webex_meeting_center:t32.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webex Meeting Center by Cisco

Product Information
Vendor Cisco
Product Webex Meeting Center
Version t32.7
cpe:2.3:a:cisco:webex_meeting_center:t32.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webex Meeting Center by Cisco

Product Information
Vendor Cisco
Product Webex Meeting Center
Version t30
cpe:2.3:a:cisco:webex_meeting_center:t30:sp7:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webex Meeting Center by Cisco

Product Information
Vendor Cisco
Product Webex Meeting Center
Version t32.6
cpe:2.3:a:cisco:webex_meeting_center:t32.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webex Meeting Center by Cisco

Product Information
Vendor Cisco
Product Webex Meeting Center
Version t31
cpe:2.3:a:cisco:webex_meeting_center:t31:sp8:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://tools.cisco.com/security/center/content/CiscoSecuri…
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-…
http://www.securityfocus.com/bid/101985
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101985
http://www.securitytracker.com/id/1039919
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039919
https://tools.cisco.com/security/center/content/CiscoSecuri…
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-…
http://www.securityfocus.com/bid/101985
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101985
http://www.securitytracker.com/id/1039919
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039919