CVE-2017-3795 — Improper Authentication in Cisco Webex Meetings Server

CWE-287 — Improper Authentication CWE-2554 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 70.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Server

Timeline

PublishedJan 26

Latest updateMay 13

Description

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶NVDcisco/webex_meetings_server2.6.0

🔴Vulnerability Details

GHSA

GHSA-9xqc-m7wj-2pvm: A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-adm↗2022-05-13

▶

CVEList

CVE-2017-3795: A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-adm↗2017-01-26

▶

📋Vendor Advisories

Cisco

Cisco WebEx Meetings Server Arbitrary Password Change Vulnerability↗2017-01-18

▶