ID

VAR-201709-0687


CVE

CVE-2017-12224


TITLE

Cisco Meeting Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-007987

DESCRIPTION

A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the configuration setting "Guest access via hyperlinks", which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a crafted hyperlink to connect to a meeting. An exploit could allow the attacker to connect directly to the meeting with a hyperlink, even though access should be denied. The attacker would still require a valid hyperlink and encoded secret identifier to be connected. Cisco Bug IDs: CSCve20873. Cisco Meeting Server contains an information disclosure vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCve20873. Information may be obtained. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

Trust: 1.98

sources: NVD: CVE-2017-12224 // JVNDB: JVNDB-2017-007987 // BID: 100657 // VULHUB: VHN-102725

AFFECTED PRODUCTS

vendor: cisco, model: meeting server, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: meeting server, scope: -, version: -

Trust: 0.8

vendor: cisco, model: meeting server, scope: eq, version: 2.1.4

Trust: 0.3

vendor: cisco, model: meeting server, scope: eq, version: 2.0.7

Trust: 0.3

vendor: cisco, model: meeting server, scope: eq, version: 2.0.3

Trust: 0.3

vendor: cisco, model: meeting server, scope: eq, version: 2.0.2

Trust: 0.3

vendor: cisco, model: meeting server, scope: eq, version: 2.0.1

Trust: 0.3

vendor: cisco, model: meeting server, scope: eq, version: 2.2

Trust: 0.3

vendor: cisco, model: meeting server, scope: eq, version: 2.1.2

Trust: 0.3

vendor: cisco, model: meeting server, scope: eq, version: 2.1

Trust: 0.3

vendor: cisco, model: meeting server, scope: eq, version: 2.0

Trust: 0.3

vendor: cisco, model: meeting server, scope: ne, version: 2.2.1

Trust: 0.3

vendor: cisco, model: meeting server, scope: ne, version: 2.1.8

Trust: 0.3

vendor: cisco, model: meeting server, scope: ne, version: 2.0.15

Trust: 0.3

sources: BID: 100657 // JVNDB: JVNDB-2017-007987 // CNNVD: CNNVD-201709-225 // NVD: CVE-2017-12224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12224
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12224
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-225
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102725
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12224
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102725
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12224
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102725 // JVNDB: JVNDB-2017-007987 // CNNVD: CNNVD-201709-225 // NVD: CVE-2017-12224

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-102725 // JVNDB: JVNDB-2017-007987 // NVD: CVE-2017-12224

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-225

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201709-225

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007987

PATCH

title: cisco-sa-20170906-cms, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cms

Trust: 0.8

title: Cisco Meeting Server Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74579

Trust: 0.6

sources: JVNDB: JVNDB-2017-007987 // CNNVD: CNNVD-201709-225

EXTERNAL IDS

db: NVD, id: CVE-2017-12224

Trust: 2.8

db: BID, id: 100657

Trust: 2.0

db: SECTRACK, id: 1039283

Trust: 1.7

db: JVNDB, id: JVNDB-2017-007987

Trust: 0.8

db: CNNVD, id: CNNVD-201709-225

Trust: 0.7

db: VULHUB, id: VHN-102725

Trust: 0.1

sources: VULHUB: VHN-102725 // BID: 100657 // JVNDB: JVNDB-2017-007987 // CNNVD: CNNVD-201709-225 // NVD: CVE-2017-12224

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-cms

Trust: 2.0

url:http://www.securityfocus.com/bid/100657

Trust: 1.7

url:http://www.securitytracker.com/id/1039283

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12224

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12224

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-102725 // BID: 100657 // JVNDB: JVNDB-2017-007987 // CNNVD: CNNVD-201709-225 // NVD: CVE-2017-12224

CREDITS

Cisco

Trust: 0.3

sources: BID: 100657

SOURCES

db: VULHUB, id: VHN-102725
db: BID, id: 100657
db: JVNDB, id: JVNDB-2017-007987
db: CNNVD, id: CNNVD-201709-225
db: NVD, id: CVE-2017-12224

LAST UPDATE DATE

2025-04-20T23:25:57.360000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-102725, date: 2019-10-09T00:00:00
db: BID, id: 100657, date: 2017-09-06T00:00:00
db: JVNDB, id: JVNDB-2017-007987, date: 2017-10-05T00:00:00
db: CNNVD, id: CNNVD-201709-225, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12224, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-102725, date: 2017-09-07T00:00:00
db: BID, id: 100657, date: 2017-09-06T00:00:00
db: JVNDB, id: JVNDB-2017-007987, date: 2017-10-05T00:00:00
db: CNNVD, id: CNNVD-201709-225, date: 2017-09-08T00:00:00
db: NVD, id: CVE-2017-12224, date: 2017-09-07T21:29:00.567