CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2017-6651
https://notcve.org/view.php?id=CVE-2017-6651
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. • http://www.securityfocus.com/bid/98387 http://www.securitytracker.com/id/1038459 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3811
https://notcve.org/view.php?id=CVE-2017-3811
An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054. Vulnerabilidad de XML en Cisco WebEx Meetings Server podría permitir a un atacante remoto autenticado tener acceso de lectura a parte de la información almacenada en el sistema afectado. • http://www.securityfocus.com/bid/96912 http://www.securitytracker.com/id/1038042 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wms • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 31EXPL: 0CVE-2017-3880
https://notcve.org/view.php?id=CVE-2017-3880
An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge. Una vulnerabilidad de desvío de autenticación en Cisco WebEx Meetings Server podría permitir que un atacante remoto no autenticado acceda a la información limitada de reuniones en el servidor de Cisco WebEx Meetings. Más información: CSCvd50728. • http://www.securityfocus.com/bid/96918 http://www.securitytracker.com/id/1038040 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-webex • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 87%CPEs: 54EXPL: 0CVE-2017-3823 – Cisco WebEx Chrome Extension Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-3823
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. • http://www.securityfocus.com/bid/95737 http://www.securitytracker.com/id/1037680 https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html https://blog.filippo.io/webex-extension-vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 https://bugs.chromium.org/p/project-zero/issues/detail?id=1100 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex https://www.kb.cert.org/vuls/id/909240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3794
https://notcve.org/view.php?id=CVE-2017-3794
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. Una vulnerabilidad en Cisco WebEx Meetings Server podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de CSRF contra un usuario administrativo. • http://www.securityfocus.com/bid/95635 http://www.securitytracker.com/id/1037649 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms • CWE-352: Cross-Site Request Forgery (CSRF) •