Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-12249

Опубликовано: 13 сент. 2017
Источник: nvd
CVSS3: 9.1
CVSS2: 9
EPSS Низкий

Описание

A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system, depending on the deployment model and CMS services in use. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster in an affected system or gain unauthorized access to sensitive meeting information in an affected system. To exploit this vulnerability, the attacker must have valid credentials for the TURN server of

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:meeting_server:*:*:*:*:*:*:*:*
Версия до 2.0.15 (включая)
cpe:2.3:a:cisco:meeting_server:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting_server:2.2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 79%
0.01223
Низкий

9.1 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-16
CWE-668

Связанные уязвимости

github логотип

GHSA-9m39-hmv3-2f6w

CVSS3: 9.1
github
больше 3 лет назад

A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system, depending on the deployment model and CMS services in use. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster in an affected system or gain unauthorized access to sensitive meeting information in an affected system. To exploit this vulnerability, the attacker must have valid credentials for the TURN server ...

EPSS

Процентиль: 79%
0.01223
Низкий

9.1 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-16
CWE-668