ESB-2017.2786 - [Cisco] Cisco WebEx Meetings Server: Multiple vulnerabilities 2017-11-02

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2786
           Cisco WebEx Meetings Server Multiple Vulnerabilities
                              2 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco WebEx Meetings Server
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Cross-site Scripting     -- Remote with User Interaction
                   Access Confidential Data -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-12295 CVE-2017-12294 

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex1
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex2

Comment: This bulletin contains two (2) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

Medium

Advisory ID:
cisco-sa-20171101-webex1

First Published:
2017 November 1 16:00 GMT

Version 1.0:
Final

Workarounds:
No workarounds available

Cisco Bug IDs:
CSCvf85562

CVSS Score:
Base 5.4

CVE-2017-12294
CWE-79

Summary

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, 
remote attacker to conduct a cross-site scripting (XSS) attack against a user
of the affected system.

The vulnerability is due to insufficient input validation of some parameters 
that are passed to the web server of the affected system. An attacker could 
exploit this vulnerability by convincing a user to follow a malicious link or
by intercepting a user request and injecting malicious code into the request.
A successful exploit could allow the attacker to execute arbitrary script code
in the context of the affected web interface or allow the attacker to access 
sensitive browser-based information.
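The summary above describes a reflected cross-site scripting condition (CWE-79) that arises when a request parameter reaches the HTML response without adequate validation or encoding. The example below is added here for illustration and is not code from the Cisco advisory or from WebEx Meetings Server; the request handler, parameter name and the constructed query string are all hypothetical. It places the vulnerable reflection pattern beside the hardened one (allow-list validation plus contextual output encoding) and a small check that distinguishes the two outputs.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed sample query string (hypothetical): the "name" parameter
# carries markup that a vulnerable handler would echo straight into HTML.
SAMPLE_QUERY = "name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"

# Allow-list for the hypothetical "name" parameter: letters, digits, _ and -.
NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def _param(query: str, key: str) -> str:
    """Return the first value of a query-string parameter, or '' if absent."""
    return parse_qs(query).get(key, [""])[0]


def render_unsafe(query: str) -> str:
    """Vulnerable pattern (CWE-79): reflects the parameter verbatim into HTML."""
    name = _param(query, "name")
    return f"<p>Welcome, {name}</p>"


def is_allowed_name(name: str) -> bool:
    """Input validation step: accept only values matching the allow-list."""
    return NAME_RE.fullmatch(name) is not None


def render_safe(query: str) -> str:
    """Hardened pattern: HTML-encode the value for an HTML text-node context.

    Encoding is applied regardless of validation, so the page stays safe
    even for values the allow-list would reject (defence in depth)."""
    name = _param(query, "name")
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


def render_validated(query: str) -> str:
    """Validation and encoding together: reject unexpected input outright,
    and still encode what is accepted."""
    name = _param(query, "name")
    if not is_allowed_name(name):
        raise ValueError("name parameter rejected by allow-list")
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


def contains_active_markup(rendered: str) -> bool:
    """Deliberately naive check, used only to contrast the two renderers:
    does the output still contain an unescaped <script> tag?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("unsafe :", render_unsafe(SAMPLE_QUERY))
    print("safe   :", render_safe(SAMPLE_QUERY))
```

The first renderer reproduces the weakness the advisory describes; the second and third show the two controls that close it. In a real deployment the encoding function must match the output context (attribute, URL, JavaScript string), and a Content-Security-Policy header adds a further layer, but neither replaces server-side encoding.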

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex1

Affected Products

Vulnerable Products

This vulnerability affects Cisco WebEx Meetings Server. For information about
affected software releases, consult the Cisco bug ID at the top of this 
advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this 
vulnerability.

Cisco has confirmed that this vulnerability does not affect the following 
Cisco-hosted WebEx products:

Cisco WebEx Meeting Center
Cisco WebEx Training Center
Cisco WebEx Event Center
Cisco WebEx Support Center
Cisco WebEx Meetings

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at
the top of this advisory.

When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade 
solution.

In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software 
configurations will continue to be supported properly by the new release. If 
the information is not clear, customers are advised to contact the Cisco 
Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described 
in this advisory.

Source

This vulnerability was reported to Cisco by Adam Willard of Blue Canopy.

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex1

================================================================================

Cisco WebEx Meetings Server Information Disclosure Vulnerability

Medium

Advisory ID:
cisco-sa-20171101-webex2

First Published:
2017 November 1 16:00 GMT

Version 1.0:
Final

Workarounds:
No workarounds available

Cisco Bug IDs:
CSCve65818

CVSS Score:
Base 5.3

CVE-2017-12295
CWE-200

Summary

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated,
remote attacker to access sensitive data about the application. An attacker 
could exploit this vulnerability to gain information to conduct additional 
reconnaissance attacks.

The vulnerability is due to HTTP response headers that the Cisco WebEx 
Meetings Server returns to the client, which could include internal network 
information that should be restricted. An attacker could exploit the 
vulnerability by sending HTTP requests to the Cisco WebEx Meetings Server and
inspecting the headers in its HTTP responses. An exploit could allow the 
attacker to discover sensitive data about the application.
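The information-disclosure condition above (CWE-200) is one an administrator can check for on their own deployment by inspecting the raw response headers the server sends. The following script is added here as an illustration and is not code from the Cisco advisory or from WebEx Meetings Server; the sample response, header names and internal hostname suffixes are constructed for the example. It parses a captured HTTP response and flags any header value that contains a private (RFC 1918 or otherwise non-global) IP address or a hostname under an internal-looking domain suffix.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample response (hypothetical values) from a server whose
# headers leak internal addressing. Captured output from `curl -I` against
# your own server can be fed to find_internal_leaks() in the same form.
SAMPLE_RESPONSE_HEADERS = """HTTP/1.1 302 Found
Server: Apache
X-Forwarded-Host: 10.20.30.40
Location: http://app-node-01.corp.internal/login
Set-Cookie: session=abc; Path=/
Content-Type: text/html
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOSTLIKE_RE = re.compile(r"[A-Za-z0-9.-]+")
# Assumed list of suffixes that indicate internal naming; adjust per site.
INTERNAL_SUFFIXES = (".internal", ".local", ".corp", ".lan", ".intranet")


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw HTTP response head into (name, value) pairs.

    The status line is skipped; parsing stops at the first blank line so a
    response body, if present, is never scanned as if it were a header."""
    headers: List[Tuple[str, str]] = []
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def is_private_ip(text: str) -> bool:
    """True for RFC 1918, loopback, link-local and similar non-global ranges."""
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False


def find_internal_leaks(raw: str) -> List[Tuple[str, str]]:
    """Return (header-name, leaked-value) pairs for every header whose value
    contains a private IP address or an internal-suffixed hostname."""
    findings: List[Tuple[str, str]] = []
    for name, value in parse_headers(raw):
        for ip in IPV4_RE.findall(value):
            if is_private_ip(ip):
                findings.append((name, ip))
        for token in HOSTLIKE_RE.findall(value):
            if token.lower().endswith(INTERNAL_SUFFIXES):
                findings.append((name, token))
    return findings


if __name__ == "__main__":
    for header, leaked in find_internal_leaks(SAMPLE_RESPONSE_HEADERS):
        print(f"{header}: leaks {leaked}")
```

Run against a clean response the function returns an empty list; the two findings on the constructed sample are the kind of values (a private address in a forwarding header, an internal hostname in a redirect) that should be stripped or rewritten at the reverse proxy until the fixed release is deployed.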

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex2

Affected Products

Vulnerable Products

This vulnerability affects Cisco WebEx Meetings Server. For information about
affected software releases, consult the Cisco bug ID at the top of this 
advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this 
vulnerability.

Cisco has confirmed that this vulnerability does not affect the following 
Cisco-hosted WebEx products:

Cisco WebEx Meeting Center
Cisco WebEx Training Center
Cisco WebEx Event Center
Cisco WebEx Support Center
Cisco WebEx Meetings

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at
the top of this advisory.

When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade 
solution.

In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software 
configurations will continue to be supported properly by the new release. If 
the information is not clear, customers are advised to contact the Cisco 
Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described 
in this advisory.

Source

This vulnerability was reported to Cisco via a TAC case.

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex2

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----