SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Cisco WebEx Meeting Center Vendors:   Cisco
Cisco WebEx Meeting Center Remote Authenticated Users Bypass Access Controls and Connect to Other Hosts via the Target System
SecurityTracker Alert ID:  1039919
SecurityTracker URL:  http://securitytracker.com/id/1039919
CVE Reference:   CVE-2017-12297   (Links to External Site)
Date:  Nov 30 2017
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco WebEx Meeting Center. A remote authenticated user can bypass access controls and connect to other hosts.

A remote authenticated user can send a specially crafted URL to bypass access controls on the target system and connect to arbitrary hosts.

The vendor has assigned bug ID CSCvf63843 to this vulnerability.

Hanson Nottingham, Security Researcher at Blue Shield of California, reported this vulnerability.

Impact:   A remote authenticated user can bypass access controls and connect to other hosts.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC