Main Vulnerability Database Vulnerabilities #VU8888

#VU8888 Information disclosure in Cisco Jabber - CVE-2017-12284

Published: October 19, 2017

Vulnerability identifier: #VU8888

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-12284

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Jabber

Software vendor:
Cisco Systems, Inc

Description

The disclosed vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in the web interface of Cisco Jabber for Windows Client due to a lack of input and validation checks. A local attacker can issue specific commands and view profile information where only certain parameters should be visible.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update to version 11.8(4.52954).

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab