Details of VAR-201710-0644

ID

VAR-201710-0644

CVE

CVE-2017-12266

TITLE

Cisco Meeting App Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-009267

DESCRIPTION

A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL files before they are loaded. An attacker could exploit this vulnerability by installing a crafted DLL file in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to those of Cisco Meeting App. The attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvd77907. Vendors have confirmed this vulnerability Bug ID CSCvd77907 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Failed exploit attempts will result in a denial of service condition

Trust: 1.98

sources: NVD: CVE-2017-12266 // JVNDB: JVNDB-2017-009267 // BID: 101158 // VULHUB: VHN-102771

AFFECTED PRODUCTS

vendor:	cisco	model:	meeting app	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	meeting application	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	meeting app	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	meeting app	scope:	eq	version:	0	Trust: 0.3

sources: BID: 101158 // JVNDB: JVNDB-2017-009267 // CNNVD: CNNVD-201710-052 // NVD: CVE-2017-12266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12266
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12266
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201710-052
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102771
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12266
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102771
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12266
baseSeverity:	MEDIUM
baseScore:	4.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.8
impactScore:	3.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102771 // JVNDB: JVNDB-2017-009267 // CNNVD: CNNVD-201710-052 // NVD: CVE-2017-12266

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-427	Trust: 1.1

sources: VULHUB: VHN-102771 // JVNDB: JVNDB-2017-009267 // NVD: CVE-2017-12266

THREAT TYPE

local

Trust: 0.9

sources: BID: 101158 // CNNVD: CNNVD-201710-052

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201710-052

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009267

PATCH

title:	cisco-sa-20171004-cma	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cma	Trust: 0.8
title:	Cisco Meeting App for Windows Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75270	Trust: 0.6

sources: JVNDB: JVNDB-2017-009267 // CNNVD: CNNVD-201710-052

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12266	Trust: 2.8
db:	BID	id:	101158	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-009267	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-052	Trust: 0.7
db:	VULHUB	id:	VHN-102771	Trust: 0.1

sources: VULHUB: VHN-102771 // BID: 101158 // JVNDB: JVNDB-2017-009267 // CNNVD: CNNVD-201710-052 // NVD: CVE-2017-12266

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171004-cma	Trust: 2.0
url:	http://www.securityfocus.com/bid/101158	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12266	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12266	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-102771 // BID: 101158 // JVNDB: JVNDB-2017-009267 // CNNVD: CNNVD-201710-052 // NVD: CVE-2017-12266

CREDITS

ADLab of VenusTech.

Trust: 0.3

sources: BID: 101158

SOURCES

db:	VULHUB	id:	VHN-102771
db:	BID	id:	101158
db:	JVNDB	id:	JVNDB-2017-009267
db:	CNNVD	id:	CNNVD-201710-052
db:	NVD	id:	CVE-2017-12266

LAST UPDATE DATE

2025-04-20T23:12:52.265000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102771	date:	2019-10-09T00:00:00
db:	BID	id:	101158	date:	2017-10-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-009267	date:	2017-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201710-052	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12266	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102771	date:	2017-10-05T00:00:00
db:	BID	id:	101158	date:	2017-10-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-009267	date:	2017-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201710-052	date:	2017-10-12T00:00:00
db:	NVD	id:	CVE-2017-12266	date:	2017-10-05T07:29:00.620