#VU8884 Resource exhaustion in Cisco WebEx Meetings Server - CVE-2017-12293

Cybersecurity Help s.r.o.

Published: 2017-10-19

Vulnerability identifier: #VU8884

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-12293

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco WebEx Meetings Server
Server applications / Conferencing, Collaboration and VoIP solutions

Vendor: Cisco Systems, Inc

Description

The disclosed vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists in Cisco WebEx Meetings Server due to insufficient limitations on the number of connections that can be made. A remote attacker can open multiple connections to the server, trigger server resources exhausting and cause the server to reload.

Successful exploitation of the vulnerability results in denial of service.

Mitigation
Update to version 2.8.1.1034.

Vulnerable software versions

Cisco WebEx Meetings Server: 2.7

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cisco WebEx Meetings Server