CVE-2017-12363 — Resource Exposure in Cisco Webex Meetings Server

CWE-264 CWE-668 — Resource Exposure4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.9%

top 24.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Server

Timeline

PublishedNov 30

Latest updateMay 13

Description

A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could allow the attacker to modify the welcome message of any known meeting. Cisco Bug IDs: CSCvf68695.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDcisco/webex_meetings_server2.6.0.8, 2.7+1

🔴Vulnerability Details

GHSA

GHSA-pq9m-xghm-3qrg: A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affecte↗2022-05-13

▶

CVEList

CVE-2017-12363: A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affecte↗2017-11-30

▶

📋Vendor Advisories

Cisco

Cisco WebEx Meeting Server Unauthorized Welcome Message Modification Vulnerability↗2017-11-30

▶