CVE-2017-3811
https://notcve.org/view.php?id=CVE-2017-3811
An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054. Vulnerabilidad de XML en Cisco WebEx Meetings Server podría permitir a un atacante remoto autenticado tener acceso de lectura a parte de la información almacenada en el sistema afectado. • http://www.securityfocus.com/bid/96912 http://www.securitytracker.com/id/1038042 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wms • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2017-3823 – Cisco WebEx Chrome Extension Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-3823
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. • http://www.securityfocus.com/bid/95737 http://www.securitytracker.com/id/1037680 https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html https://blog.filippo.io/webex-extension-vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 https://bugs.chromium.org/p/project-zero/issues/detail?id=1100 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex https://www.kb.cert.org/vuls/id/909240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-3794
https://notcve.org/view.php?id=CVE-2017-3794
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. Una vulnerabilidad en Cisco WebEx Meetings Server podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de CSRF contra un usuario administrativo. • http://www.securityfocus.com/bid/95635 http://www.securitytracker.com/id/1037649 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-3796
https://notcve.org/view.php?id=CVE-2017-3796
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6. Una vulnerabilidad en Cisco WebEx Meetings Server podría permitir a un atacante remoto autenticado ejecutar comandos shell predeterminados en otros anfitriones. Más información: CSCuz03353. • http://www.securityfocus.com/bid/95641 http://www.securitytracker.com/id/1037651 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-3795
https://notcve.org/view.php?id=CVE-2017-3795
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. Una vulnerabilidad en Cisco WebEx Meetings Server podría permitir a un atacante remoto autenticado llevar a cabo cambios arbitrarios de contraseña contra cualquier usuario no administrativo. • http://www.securityfocus.com/bid/95643 http://www.securitytracker.com/id/1037650 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1 • CWE-287: Improper Authentication •