Information disclosure in Cisco Jabber - CVE-2017-12361

 


Published: November 30, 2017


Vulnerability identifier: #VU9463
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12361
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Jabber

Detailed vulnerability description

The disclosed vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to the way Cisco Jabber for Windows handles random number generation for file folders. By fixing the random number data used to establish Secure Sockets Layer (SSL) connections between clients, a local attacker can decrypt secure communications made by the Cisco Jabber for Windows client.

Successful exploitation of the vulnerability may result in further attacks.


How to mitigate CVE-2017-12361

Install the update from the vendor's website.
