CVE-2017-3811 — XML External Entity (XXE) Injection in Cisco Webex Meetings Server

CWE-611 — XML External Entity (XXE) Injection CWE-20 — Improper Input Validation5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 44.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Server Cisco Webex Meetings Server

Timeline

PublishedMar 17

Latest updateMay 17

Description

An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/webex_meetings_server2.6

▶CVEListV5cisco/cisco_webex_meetings_serverCisco WebEx Meetings Server

🔴Vulnerability Details

GHSA

GHSA-52pr-5rrw-jrw9: An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the i↗2022-05-17

▶

CVEList

CVE-2017-3811: An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the i↗2017-03-17

▶

💥Exploits & PoCs

Exploit-DB

WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection↗2018-01-03

▶

📋Vendor Advisories

Cisco

Cisco WebEx Meetings Server XML External Entity Vulnerability↗2017-03-15

▶