Main Vulnerability Database Vulnerabilities #VU9494

Information disclosure in Cisco WebEx Event Center - CVE-2017-12365

Published: December 1, 2017

Vulnerability identifier: #VU9494

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-12365

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco WebEx Event Center

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a design flaw in the product. A remote attacker can execute a query on an Event Center site to view scheduled meetings, view both listed and unlisted meetings in the displayed information and attend meetings that are not available for their attendance.

How to mitigate CVE-2017-12365

Install update from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4

Information disclosure in Cisco WebEx Event Center - CVE-2017-12365

Detailed vulnerability description

How to mitigate CVE-2017-12365

Sources

Please verify you're human