Vulnslist

find the latest Cisco vulnerabilities

Cisco WebEx Meeting Center Site Redirection Vulnerability

cisco-sa-20170118-wms4 · Medium · Published · Updated

A vulnerability in a URL parameter of Cisco WebEx could allow an unauthenticated, remote attacker to perform site redirection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including a remote site URL in the affected parameter of the Cisco WebEx URL. An exploit could allow the attacker to redirect a user to a malicious website. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4

Workarounds

Currently, customers may contact WebEx Support to request that the Enforce BACKURL Domain Names selection be checked to disable redirection. In later releases, customers will be able to configure this functionality from the Administrator panel.
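
The following is an added example, not Cisco's code and not part of the advisory: a sketch of the kind of server-side check that enforcing domain names on a back-URL implies, accepting a redirect target only when its host is on an allowlist. The function names, the allowlist contents and every sample URL are constructed for illustration; relative paths are rejected in this sketch.

```python
from urllib.parse import urlsplit

# Assumption: hosts the site operator permits as redirect targets (constructed).
ALLOWED_HOSTS = frozenset({"example.webex.test", "intranet.example.test"})


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for an absolute http(s) URL whose host is allowlisted."""
    if not isinstance(target, str) or not target:
        return False
    # Browsers treat "\" like "/" and drop tabs/newlines, so the browser may
    # see a different host than this parser does. Refuse instead of guessing.
    if "\\" in target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname
        _ = parts.port  # raises ValueError for a malformed port
    except ValueError:
        return False
    # Rejects scheme-relative ("//host"), relative, javascript:, data:, etc.
    if parts.scheme not in ("http", "https"):
        return False
    # "https://allowed@other-host/" puts the trusted name in userinfo only.
    if parts.username is not None or parts.password is not None:
        return False
    if not host:
        return False
    # Exact match on the normalised host: no substring or suffix matching,
    # so "example.webex.test.evil.test" does not pass.
    return host.rstrip(".").lower() in allowed_hosts


def resolve_redirect(target, default="/"):
    """Return the requested target if it passes the check, else a fixed default."""
    return target if is_safe_redirect(target) else default
```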

CVEs: CVE-2017-3799
Cisco Bug IDs: CSCzu78401
CVSS Score: Base 5.0
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source: Cisco WebEx Meeting Center

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Nexus Dashboard | CVE-2017-3799 | Cisco OpenVuln |
| Cisco Meraki MS Series Switches | CVE-2017-3799 | Cisco OpenVuln |
| Cisco WebEx Meeting Center | CVE-2017-3799 | Cisco OpenVuln |