First published: Thu Nov 30 2017(Updated: )
A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco WebEx Meeting Center | =t30-sp7 | |
Cisco WebEx Meeting Center | =t30-sp8 | |
Cisco WebEx Meeting Center | =t30-sp9 | |
Cisco WebEx Meeting Center | =t31-sp8 | |
Cisco WebEx Meeting Center | =t31-sp9 | |
Cisco WebEx Meeting Center | =t32 | |
Cisco WebEx Meeting Center | =t32.3 | |
Cisco WebEx Meeting Center | =t32.4 | |
Cisco WebEx Meeting Center | =t32.6 | |
Cisco WebEx Meeting Center | =t32.7 | |
Cisco WebEx Meeting Center | =t32.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-12297 is a vulnerability in Cisco WebEx Meeting Center that allows an authenticated remote attacker to initiate connections to arbitrary hosts.
The severity of CVE-2017-12297 is medium.
CVE-2017-12297 affects all versions of Cisco WebEx Meeting Center, including t30-sp7, t30-sp8, t30-sp9, t31-sp8, t31-sp9, t32, t32.3, t32.4, t32.6, t32.7, and t32.8.
CVE-2017-12297 is a URL Redirection Vulnerability.
You can find more information about CVE-2017-12297 on the Cisco Security Advisory [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc).