CVE-2017-12365 — Vulnetix

CVE-2017-12365 PUBLISHED CVSS 4 MEDIUM

A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displayed information. An attacker could use this information to attend meetings that are not available for their attendance. Cisco Bug IDs: CSCvg33629.

EPSS 0.25% · 48.9th percentile

Risk Scores

CVSS 2.0

EPSS Score

0.25%

48.9th percentile

Affected Products

Vendor	Product	Versions
cisco	webex_meeting_center	*
n/a	Cisco WebEx Event Center	Cisco WebEx Event Center

Exploit Intelligence

101999 (circl)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4 (circl)
1039920 (circl)

Timeline

Nov 29, 2017 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 28, 2022 EPSS Score
May 2, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Jan 8, 2023 EPSS Score

References

Open in Interactive Console →