Cisco WebEx Meeting Center CVE-2017-12297 URL Redirection Vulnerability

Cisco WebEx Meeting Center is prone to a remote URL-redirection vulnerability.

An attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks.

The issue is being tracked by Cisco Bug ID CSCvf63843.

Information

Bugtraq ID: 101985
Class: Input Validation Error
CVE: CVE-2017-12297

Remote: Yes
Local: No
Published: Nov 29 2017 12:00AM
Updated: Nov 29 2017 12:00AM
Credit: Hanson Nottingham, Security Researcher at Blue Shield of California
Vulnerable: Cisco WebEx Meetings T32.6
Cisco WebEx Meetings T32.4
Cisco WebEx Meetings T32.3
Cisco WebEx Meetings T32
Cisco WebEx Meetings T31SP9
Cisco WebEx Meetings T31SP8
Cisco WebEx Meetings T30SP9
Cisco WebEx Meetings T30SP8
Cisco WebEx Meetings T30SP7
Cisco WebEx Meeting Center 0

Not Vulnerable:

Exploit

An attacker can exploit this issue by enticing an unsuspecting victim into following a malicious URI.

References:

• Cisco Homepage (Cisco)
  
• Cisco WebEx Meetings Server Homepage (Cisco)
  
• cisco-sa-20171129-wmc: Cisco WebEx Meeting Center URL Redirection Vulnerability (Cisco)
  

Source: www.securityfocus.com