CVE-2017-12297

A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843.

Published: Nov 30, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-12297
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / webex_meeting_center	t31-sp8	t31-sp8.x
cisco / webex_meeting_center	t31-sp9	t31-sp9.x
cisco / webex_meeting_center	t30-sp7	t30-sp7.x
cisco / webex_meeting_center	t30-sp8	t30-sp8.x
cisco / webex_meeting_center	t30-sp9	t30-sp9.x
cisco / webex_meeting_center	t32	t32.x
cisco / webex_meeting_center	t32.3	t32.3.x
cisco / webex_meeting_center	t32.4	t32.4.x
cisco / webex_meeting_center	t32.6	t32.6.x
cisco / webex_meeting_center	t32.7	t32.7.x
cisco / webex_meeting_center	t32.8	t32.8.x

Vulnerability Database

289,784

CVE-2017-12297