← Back

CVE-2017-12297

nvd nist
Published: Nov 30, 2017Modified: May 13, 2026

JSON object

Loading...
5.0
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Exploitability: 3.1 / Impact: 1.4
Source: NVD

Description

A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843.

Affected (11)

Cisco
1 product
Webex Meeting Center
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Webex Meeting Center
Version t30 sp7
Webex Meeting Center
Version t30 sp8
Webex Meeting Center
Version t30 sp9
Webex Meeting Center
Version t31 sp8
Webex Meeting Center
Version t31 sp9
Webex Meeting Center
Version t32.3
Webex Meeting Center
Version t32.4
Webex Meeting Center
Version t32.6
Webex Meeting Center
Version t32.7
Webex Meeting Center
Version t32.8
Webex Meeting Center
Version t32

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.