Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3823

CWE-119Buffer Overflow5 documents5 sources
Severity
8.8HIGH
EPSS
80.4%
top 0.88%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Cisco Gpccontainer ClassCisco WebexCisco Activetouch General Plugin Container+3 more
Timeline
PublishedFeb 1
Latest updateMay 17

Description

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5cisco_webex_browser_extensionsCisco WebEx browser extensions
NVDcisco/webex_meeting_center10 versions+9
NVDcisco/webex_meetings_server23 versions+22
NVDcisco/webex1.0.6

🔴Vulnerability Details

2
GHSA
GHSA-jvxg-m38c-9fg2: An issue was discovered in the Cisco WebEx Extension before 12022-05-17
CVEList
CVE-2017-3823: An issue was discovered in the Cisco WebEx Extension before 12017-02-01

💥Exploits & PoCs

1
Metasploit
Cisco WebEx Chrome Extension RCE (CVE-2017-3823)

📋Vendor Advisories

1
Cisco
Cisco WebEx Browser Extension Remote Code Execution Vulnerability2017-01-25
CVE-2017-3823 (HIGH CVSS 8.8) | An issue was discovered in the Cisc | cvebase.io