CVE-2017-12365

Severity Score

4.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displayed information. An attacker could use this information to attend meetings that are not available for their attendance. Cisco Bug IDs: CSCvg33629.

Una vulnerabilidad en Cisco WebEx Event Center podría permitir que un atacante remoto autenticado vea información no listada de reuniones. La vulnerabilidad se debe a un fallo de diseño en el producto. Un atacante puede ejecutar una consulta en un sitio Event Center para ver las reuniones programadas. Una consulta con éxito mostraría tanto las reuniones listadas como las no listadas en la información visualizada. Un atacante podría emplear esta información para asistir a reuniones que no tienen disponibles. Cisco Bug IDs: CSCvg33629.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-03 CVE Reserved
2017-11-30 CVE Published
2023-04-23 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/101999	Third Party Advisory
http://www.securitytracker.com/id/1039920	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Webex Meeting Center Search vendor "Cisco" for product "Webex Meeting Center"				t32.6 Search vendor "Cisco" for product "Webex Meeting Center" and version "t32.6"		-		Affected