CVE-2017-12361

CWE-200Information ExposureCWE-3304 documents4 sources
Severity
4.0MEDIUM
EPSS
0.1%
top 66.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Jabber
Timeline
PublishedNov 30
Latest updateMay 13

Description

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber for Windows handles random number generation for file folders. An attacker could exploit the vulnerability by fixing the random number data used to establish Secure Sockets Layer (SSL) connections betwe

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco_jabberCisco Jabber
NVDcisco/jabber4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-4998-58vc-p397: A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber clien2022-05-13
CVEList
CVE-2017-12361: A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber clien2017-11-30

📋Vendor Advisories

1
Cisco
Cisco Jabber Information Disclosure Vulnerability2017-11-30
CVE-2017-12361 (MEDIUM CVSS 4) | A vulnerability in Cisco Jabber for | cvebase.io