var-201702-0790
Vulnerability from variot
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. Cisco WebEx Is an online conferencing system. WebEx In online meetings using, participants typically join the meeting through a link on a web page. By following the link, through web browser extensions WebEx The software is started. (CWE-78) Exists. This issue is being tracked by Cisco Bug IDs CSCvc86959 and CSCvc88194. Cisco WebEx is a set of Web conferencing tools developed by American Cisco (Cisco), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM). Cisco WebEx extensions and plugins have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0790",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.5_mr3"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.5_mr2"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.5_mr6"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.5_mr5"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.5_mr4"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5_mr1"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_mr5"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_mr7"
},
{
"model": "download manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.0.9"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_mr8"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6_mr3"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6_base"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6_mr2"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.7_mr1"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5_base"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.7_mr2"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.7_mr2"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.7_mr1"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "t30_base"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6_base"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_mr2"
},
{
"model": "webex",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.6"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_mr6"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_base"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.7_base"
},
{
"model": "activetouch general plugin container",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "105"
},
{
"model": "gpccontainer class",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "10031.6.2017.0125"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6_mr1"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6_mr3"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_mr4"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "t29_base"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_mr3"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "t31_base"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.7_base"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_mr9"
},
{
"model": "webex meeting center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6_mr2"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6_mr1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "activetouch general plugin container",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "106 earlier (firefox)"
},
{
"model": "webex",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "extension 1.0.7 earlier (chrome)"
},
{
"model": "download manager",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "activex control 2.1.0.10 earlier (internet explorer)"
},
{
"model": "gpccontainer class activex control",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "10031.6.2017.0127 earlier (internet explorer)"
},
{
"model": "activetouch general plugin container",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0"
},
{
"model": "webex internet explorer gpccontainer activex",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "webex extension for chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "webex extension",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.5"
},
{
"model": "webex extension",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.3"
},
{
"model": "webex extension",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.2"
},
{
"model": "activetouch general plugin container",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "106"
},
{
"model": "webex internet explorer gpccontainer activex",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "10031.6.2017.0127"
},
{
"model": "webex extension for chrome",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": "1.0.7"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#909240"
},
{
"db": "BID",
"id": "95737"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001113"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-072"
},
{
"db": "NVD",
"id": "CVE-2017-3823"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:activetouch_general_plugin_container:105:*:*:*:*:firefox:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex:*:*:*:*:*:chrome:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:download_manager:2.1.0.9:*:*:*:*:internet_explorer:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:gpccontainer_class:*:*:*:*:*:internet_explorer:*:*",
"cpe_name": [],
"versionEndIncluding": "10031.6.2017.0125",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.6_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:t31_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:2.6_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:t29_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:t30_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:2.7_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3823"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was reported to Cisco by Tavis Ormandy of Google.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-072"
}
],
"trust": 0.6
},
"cve": "CVE-2017-3823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-3823",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.8,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3823",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-112026",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-3823",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3823",
"trust": 2.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-072",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-112026",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-3823",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#909240"
},
{
"db": "VULHUB",
"id": "VHN-112026"
},
{
"db": "VULMON",
"id": "CVE-2017-3823"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001113"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-072"
},
{
"db": "NVD",
"id": "CVE-2017-3823"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. Cisco WebEx Is an online conferencing system. WebEx In online meetings using, participants typically join the meeting through a link on a web page. By following the link, through web browser extensions WebEx The software is started. (CWE-78) Exists. \nThis issue is being tracked by Cisco Bug IDs CSCvc86959 and CSCvc88194. Cisco WebEx is a set of Web conferencing tools developed by American Cisco (Cisco), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM). Cisco WebEx extensions and plugins have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3823"
},
{
"db": "CERT/CC",
"id": "VU#909240"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001113"
},
{
"db": "BID",
"id": "95737"
},
{
"db": "VULHUB",
"id": "VHN-112026"
},
{
"db": "VULMON",
"id": "CVE-2017-3823"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-112026",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112026"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3823",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#909240",
"trust": 3.1
},
{
"db": "BID",
"id": "95737",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1037680",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU90868591",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001113",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-072",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "140870",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-112026",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-3823",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#909240"
},
{
"db": "VULHUB",
"id": "VHN-112026"
},
{
"db": "VULMON",
"id": "CVE-2017-3823"
},
{
"db": "BID",
"id": "95737"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001113"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-072"
},
{
"db": "NVD",
"id": "CVE-2017-3823"
}
]
},
"id": "VAR-201702-0790",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-112026"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T23:03:47.930000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco WebEx Browser Extension Remote Code Execution Vulnerability (cisco-sa-20170124-webex)",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170124-webex"
},
{
"title": "Per-Site ActiveX Controls",
"trust": 0.8,
"url": "https://msdn.microsoft.com/en-us/library/dd433050(v=vs.85).aspx"
},
{
"title": "How to stop an ActiveX control from running in Internet Explorer",
"trust": 0.8,
"url": "https://support.microsoft.com/ja-jp/help/240797/how-to-stop-an-activex-control-from-running-in-internet-explorer"
},
{
"title": "Meeting Services Removal Tool - Support Utilities",
"trust": 0.8,
"url": "https://jajp.help.webex.com/docs/doc-2672#jive_content_id_meeting_services_removal_tool_"
},
{
"title": "Cisco WebEx extensions and plugins Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68286"
},
{
"title": "Cisco: Cisco WebEx Browser Extension Remote Code Execution Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170124-webex"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2019/04/01/security_roundup_290319/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2017/08/16/disdain_exploit_kit/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3823"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001113"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-072"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-78",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112026"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001113"
},
{
"db": "NVD",
"id": "CVE-2017-3823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170124-webex"
},
{
"trust": 2.4,
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"trust": 2.3,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"trust": 2.0,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
},
{
"trust": 2.0,
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/95737"
},
{
"trust": 1.2,
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1037680"
},
{
"trust": 0.8,
"url": "https://help.webex.com/docs/doc-2672"
},
{
"trust": 0.8,
"url": "https://msdn.microsoft.com/en-us/library/dd433050(v=vs.85).aspx#_user"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3823"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90868591/"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3823"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "webex.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#909240"
},
{
"db": "VULHUB",
"id": "VHN-112026"
},
{
"db": "VULMON",
"id": "CVE-2017-3823"
},
{
"db": "BID",
"id": "95737"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001113"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-072"
},
{
"db": "NVD",
"id": "CVE-2017-3823"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#909240"
},
{
"db": "VULHUB",
"id": "VHN-112026"
},
{
"db": "VULMON",
"id": "CVE-2017-3823"
},
{
"db": "BID",
"id": "95737"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001113"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-072"
},
{
"db": "NVD",
"id": "CVE-2017-3823"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-27T00:00:00",
"db": "CERT/CC",
"id": "VU#909240"
},
{
"date": "2017-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-112026"
},
{
"date": "2017-02-01T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3823"
},
{
"date": "2017-01-24T00:00:00",
"db": "BID",
"id": "95737"
},
{
"date": "2017-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001113"
},
{
"date": "2017-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-072"
},
{
"date": "2017-02-01T11:59:00.133000",
"db": "NVD",
"id": "CVE-2017-3823"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-27T00:00:00",
"db": "CERT/CC",
"id": "VU#909240"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-112026"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3823"
},
{
"date": "2017-02-02T01:03:00",
"db": "BID",
"id": "95737"
},
{
"date": "2017-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001113"
},
{
"date": "2019-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-072"
},
{
"date": "2017-10-10T01:30:22.267000",
"db": "NVD",
"id": "CVE-2017-3823"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-072"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco WebEx web browser extension allows arbitrary code execution",
"sources": [
{
"db": "CERT/CC",
"id": "VU#909240"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-072"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.