Sign-up

ID

VAR-201710-0642


CVE

CVE-2017-12264


TITLE

Cisco Meeting Server Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009266

DESCRIPTION

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP packet to the affected system. A successful exploit could allow the attacker to cause a reload of the Web Admin Server. Cisco Bug IDs: CSCve89149. Cisco Meeting Server Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCve89149 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Web Admin Interface is one of the Web login interfaces

Trust: 1.98

sources: NVD: CVE-2017-12264 // JVNDB: JVNDB-2017-009266 // BID: 101148 // VULHUB: VHN-102769

AFFECTED PRODUCTS

vendor:ciscomodel:meeting serverscope: - version: -

Trust: 1.4

vendor:ciscomodel:meeting serverscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:meeting serverscope:eqversion:2.2.3

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.2.2

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.2.1

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1.11

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1.8

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1.4

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.16

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.15

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.7

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.3

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.2

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0.1

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.2

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1.2

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:meeting serverscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:meeting serverscope:neversion:2.2.4

Trust: 0.3

sources: BID: 101148 // JVNDB: JVNDB-2017-009266 // CNNVD: CNNVD-201710-054 // NVD: CVE-2017-12264

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12264
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12264
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201710-054
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102769
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12264
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102769
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12264
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102769 // JVNDB: JVNDB-2017-009266 // CNNVD: CNNVD-201710-054 // NVD: CVE-2017-12264

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-102769 // JVNDB: JVNDB-2017-009266 // NVD: CVE-2017-12264

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-054

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201710-054

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009266

PATCH
title:cisco-sa-20171004-cmsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cms
Trust: 0.8
title:Cisco Meeting Server Web Admin Interface Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75271
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-009266 // 
            
            
            
            CNNVD: CNNVD-201710-054

EXTERNAL IDS
db:NVDid:CVE-2017-12264
Trust: 2.8
db:BIDid:101148
Trust: 2.0
db:SECTRACKid:1039506
Trust: 1.7
db:JVNDBid:JVNDB-2017-009266
Trust: 0.8
db:CNNVDid:CNNVD-201710-054
Trust: 0.7
db:VULHUBid:VHN-102769
Trust: 0.1
sources:
            
            
            VULHUB: VHN-102769 // 
            
            
            
            BID: 101148 // 
            
            
            
            JVNDB: JVNDB-2017-009266 // 
            
            
            
            CNNVD: CNNVD-201710-054 // 
            
            
            
            NVD: CVE-2017-12264

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171004-cms
Trust: 2.0
url:http://www.securityfocus.com/bid/101148
Trust: 1.7
url:http://www.securitytracker.com/id/1039506
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12264
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12264
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-102769 // 
            
            
            
            BID: 101148 // 
            
            
            
            JVNDB: JVNDB-2017-009266 // 
            
            
            
            CNNVD: CNNVD-201710-054 // 
            
            
            
            NVD: CVE-2017-12264

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 101148

SOURCES
db:VULHUBid:VHN-102769
db:BIDid:101148
db:JVNDBid:JVNDB-2017-009266
db:CNNVDid:CNNVD-201710-054
db:NVDid:CVE-2017-12264

LAST UPDATE DATE
2025-04-20T23:32:49.310000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-102769date:2019-10-09T00:00:00
db:BIDid:101148date:2017-10-04T00:00:00
db:JVNDBid:JVNDB-2017-009266date:2017-11-07T00:00:00
db:CNNVDid:CNNVD-201710-054date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12264date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-102769date:2017-10-05T00:00:00
db:BIDid:101148date:2017-10-04T00:00:00
db:JVNDBid:JVNDB-2017-009266date:2017-11-07T00:00:00
db:CNNVDid:CNNVD-201710-054date:2017-10-10T00:00:00
db:NVDid:CVE-2017-12264date:2017-10-05T07:29:00.557