Main Vulnerability Database Vulnerabilities #VU8884

Resource exhaustion in Cisco WebEx Meetings Server - CVE-2017-12293

Published: October 19, 2017

Vulnerability identifier: #VU8884

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-12293

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco WebEx Meetings Server

Detailed vulnerability description

The disclosed vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists in Cisco WebEx Meetings Server due to insufficient limitations on the number of connections that can be made. A remote attacker can open multiple connections to the server, trigger server resources exhausting and cause the server to reload.

Successful exploitation of the vulnerability results in denial of service.

How to mitigate CVE-2017-12293

Update to version 2.8.1.1034.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms

Resource exhaustion in Cisco WebEx Meetings Server - CVE-2017-12293

Detailed vulnerability description

How to mitigate CVE-2017-12293

Sources

Please verify you're human