CVE-2017-6753

Published Jul 25, 2017

Last updated 5 years ago

CVSS high 8.8

Overview

Description: A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119
ykramarz@cisco.com: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:webex_event_center:t30_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B23ACCD-6784-4043-9AD1-AD1D9149D510"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_event_center:t31_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB7E784F-423E-4ABB-AAC9-9CBBF3873702"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_event_center:t32_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35D6C33C-D91B-4C54-AA35-530293E43517"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1515E161-06AE-4A77-BA55-B04E0ECF05B1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meeting_center:t31_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77A34A56-995C-456D-9F66-2D4510A8746A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB819563-9DED-4339-BD3E-AB59E510EF52"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings:t30_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DE4DDB4-A4EA-48F4-ABAF-0E14CE903824"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.1_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81E8E429-36B2-41A8-A483-8FD2E7044986"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.5.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48D31BB1-C7AF-4EB8-8234-97ABDA21D4B4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.5.1.131:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DC55BEF-9FDD-49FA-AC8E-53467824AB24"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.5_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7B8FEF2-8D03-4752-B829-E8694DCB850E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0.1.107:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB009CBA-0A3B-4578-BFC7-74C42CC3F107"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80B9A3E8-DD9D-451B-81A4-BADA16512845"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5C7BE43-0F81-4550-813E-66D0844E9291"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.1.29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9043AE98-9A13-46F8-8E8A-BEC9E8EE0843"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.99.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8289371-84B7-4342-9EA6-2844A9C5DCDB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F4AF5A4-1B99-43F8-A659-7C57B033F2A2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8745FD6-B0B3-46A9-9254-7B13877D7080"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6.1.39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "794B669D-5A30-49CA-9F35-8F7AA5A2DF62"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABA0048F-B88D-47F6-89D6-B7EDDECBF700"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30ECA8FE-D587-4692-AA90-9706E44BAC1D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.8_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04698E83-4906-4FD9-81C1-955A6D770898"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE527118-BAFE-4120-890B-B6D3AFF91D06"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1297660-D3BF-4EB4-9AD8-F0B6CB1D7EA9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "633885BF-E4AD-4D68-BE6B-FC422C4A6756"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "735D9391-9600-4488-A5A3-9BE519991C07"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "596CF80A-6D04-4C8C-8E4C-A312F50F90CD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26700488-AE40-4B51-9205-90B2822A1473"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64859732-7AD6-4393-927A-2D610746C6B5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A173DA9-B4F4-4A1E-8A57-B7D04FAD775B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr8_patch:1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DC24AAF-F4B6-45D6-9C62-09B104C72F83"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4ACAED8E-CD53-4F12-858E-3AB1DB652893"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "396E0F99-BD66-4B77-BA1F-6CDC25BAD54C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE5EBC53-A135-429B-B132-B2FF8F6E2C7D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0E2C39D-1B45-42D6-B09E-1E5FA258A776"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7B02318-4867-43D4-9FB2-82A3CF59342E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA32CA3D-7617-453A-9D1B-4BCD84017573"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EE64939-BE95-454D-88C1-39A8E69A21D3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "571E071B-BF6D-4DC7-9E29-C150C18C2709"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A8E6509-E041-489C-A31E-BC4EAF5DEA1E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr2_patch:1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9A3B55D-840B-48CA-9A01-97F33C24E38B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr5_patch:1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2715AB5-39A2-4AB4-8DBC-A0AF0E659DF3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "478A42B0-27D5-4C01-B515-C09A5C87F49C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15D2AB6C-7C5D-44FD-9990-6EAD1CFCC10F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F63FD08C-2483-4F4D-BF90-4FC53AC51F11"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32D28387-E832-4EB5-BD0C-B64BBE42943B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6:mr1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C89D9D6-0923-4D11-A264-776AB637B007"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6:mr2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0CA8FDC-2040-44AC-B05D-D94F3387118E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6:mr3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FCAF0D6-372F-4230-A9FE-D76E6CDDBA3F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr1_patch:1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F0CBF03-2DC9-4C66-A324-F007D5C03429"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr2_patch:1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C416484-9739-453F-A8F8-FB2A0AE3716D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr3_patch:1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7277467C-D605-496C-A666-520C7E8729CF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr3_patch:2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "032142FE-89CD-4810-A6F2-890CD16E6333"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7:mr1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CECC6270-A8DC-4B51-9675-FF428E33790C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7:mr2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C06C6985-D7A1-4146-BCAA-BA255F238172"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7_mr1_patch:1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E33A813-6D07-447A-96A6-36E2B63FE799"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7_mr2_patch:1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8284327-927C-406A-BAC6-B7EF21F47407"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_support_center:t30_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68F014B7-5DDB-48DC-ABF9-DA7BC081830F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_support_center:t31_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2AAF51C-6E2A-465E-8AD9-9A170E9FC3A9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_support_center:t32_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "305F6293-1231-419B-B096-6F88943806A4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_training_center:t30_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABAA1ECC-04D7-47EA-B457-818F5BA381AA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_training_center:t31_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3E501E7-912E-462C-BC4C-5C8E1C6425AB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:webex_training_center:t32_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABB3EDE5-67C5-40E4-AB92-BBF1B8122091"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References