CVSS: 9.3EPSS: 87%CPEs: 54EXPL: 0CVE-2017-3823 – Cisco WebEx Chrome Extension Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-3823
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. • http://www.securityfocus.com/bid/95737 http://www.securitytracker.com/id/1037680 https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html https://blog.filippo.io/webex-extension-vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 https://bugs.chromium.org/p/project-zero/issues/detail?id=1100 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex https://www.kb.cert.org/vuls/id/909240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3799
https://notcve.org/view.php?id=CVE-2017-3799
A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1. Una vulnerabilidad en un parámetro URL de Cisco WebEx Meeting Center podría permitir a un atacante remoto no autenticado realizar redirección de sitio. Más información: CSCzu78401. • http://www.securityfocus.com/bid/95642 http://www.securitytracker.com/id/1037647 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1410
https://notcve.org/view.php?id=CVE-2016-1410
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. Cisco WebEx Meeting Center Original Release Base permite a atacantes remotos obtener información sensible acerca de la validación de nombre de usuario (1) asistiendo o (2) albergando una reunión, también conocida como Bug ID CSCux84312. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc http://www.securityfocus.com/bid/90908 http://www.securitytracker.com/id/1035977 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 2%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp http://www.debian.org/security/2016/dsa-3539 http://www.securitytracker.com/id/1035636 http://www.securitytracker.com/id/1035637 http://www.securitytracker.com/id/1035648 http://www.securitytracker.com/id/1035649 http://www.securitytracker.com/id/1035650 http://www.securitytracker.com/id/1035651 http://www.securitytracker.com/id/1035652 https://access.redhat.com/security/cve/CVE-2015-6360 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4208
https://notcve.org/view.php?id=CVE-2015-4208
Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. Cisco WebEx Meeting Center no restringe correctamente el contenido de URLs en solicitudes GET, lo que permite a atacantes remotos obtener información sensible o realizar ataques de inyección SQL a través de vectores que involucran el acceso de lectura a una solicitud, también conocido como Bug ID CSCup88398. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39458 http://www.securityfocus.com/bid/75361 http://www.securitytracker.com/id/1032705 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •