CVE-2017-3880

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 6.4

EPSS Низкий

Описание

An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge.

Ссылки

http://www.securityfocus.com/bid/96918
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038040
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-webex
Vendor Advisory
http://www.securityfocus.com/bid/96918
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038040
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-webex
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:webex_meetings_server:2.5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5.1.29:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5.99.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:patch_1:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:patch_1:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch_1:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch_2:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch_3:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch_4:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.6.1.39:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:patch_1:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:patch_1:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch_1:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch_2:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:patch_1:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:patch_1:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00379

Низкий

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-h6ph-8m27-fx8c

CVSS3: 6.5

github

больше 3 лет назад

BDU:2017-00680

fstec

почти 9 лет назад

Уязвимость программного обеспечения для веб-конференцсвязи Cisco WebEx Meetings Server, позволяющая нарушителю частично нарушить конфиденциальность и целостность информации