SB2017101909 - Information disclosure in Cisco Jabber




Published: October 19, 2017

Security Bulletin ID: SB2017101909
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Local access
Highest impact: Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2017-12286)

The disclosed vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in the web interface of Cisco Jabber due to a lack of input and validation checks. A local attacker can issue specific commands and view all profile information for a user instead of only certain Jabber parameters that should be visible.

Successful exploitation of the vulnerability results in information disclosure.


2) Information disclosure (CVE-ID: CVE-2017-12284)

The disclosed vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in the web interface of Cisco Jabber for Windows Client due to a lack of input and validation checks. A local attacker can issue specific commands and view profile information where only certain parameters should be visible.

Successful exploitation of the vulnerability results in information disclosure.


Remediation

Install the update from the vendor's website.