Security restrictions bypass in Cisco Meeting Server
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-12249 |
| CWE-ID | CWE-16 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco Meeting Server Client/Desktop applications / Multimedia software |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Security restrictions bypass
EUVDB-ID: #VU8423
Risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12249
CWE-ID:
CWE-16 - Configuration
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to gain unauthenticated or unauthorized access to components of sensitive information.
The weakness exists due to incorrect default configuration of the TURN server. A remote attacker can use a TURN server, depending on the deployment model and CMS services in use to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster and gain unauthorized access to sensitive meeting information. Successful exploitation of the vulnerability is able if the attacker has valid credentials for the TURN server.
The vulnerability is addressed in the following versions: 2.0.16, 2.1.11, 2.2.6.
Vulnerable software versionsCisco Meeting Server: 2.0.1 - 2.1.4
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170913-cmsturn
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
