Vulnerability Details : CVE-2017-6753
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2017-6753
- cpe:2.3:a:cisco:webex_meeting_center:t31_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meeting_center:t30_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meeting_center:t32_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_training_center:t30_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_training_center:t31_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_training_center:t32_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:2.5.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:2.6.1.39:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:2.5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:2.5.1.29:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:2.0_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:2.8_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:1.1_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:1.5.1.131:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:2.0.1.107:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:1.5.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:1.5_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_event_center:t31_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_event_center:t30_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_event_center:t32_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings:t30_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.7_mr1_patch:1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5:mr5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5:mr6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5:mr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5:mr2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5:mr3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5:mr4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.6:mr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.6:mr2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.6:mr3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0:mr7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0:mr3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0:mr4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0:mr2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0:mr8:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0:mr5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0:mr6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0:mr9:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.7:mr2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.7:mr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5_mr5_patch:1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.0_mr8_patch:1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.6_mr3_patch:2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.6_mr3_patch:1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.5_mr2_patch:1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.6_mr2_patch:1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_support_center:t31_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_support_center:t32_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_support_center:t30_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.7_mr2_patch:1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server_2.6_mr1_patch:1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6753
- EPSS score: 3.44% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 91% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-6753
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2017-6753
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by:
  - nvd@nist.gov (Primary)
  - ykramarz@cisco.com (Secondary)
References for CVE-2017-6753
- http://www.securitytracker.com/id/1038911
  Cisco WebEx Meetings Server Input Validation Flaws in Chrome/Firefox Browser Extensions Lets Remote Users Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1038910
  Cisco WebEx Meeting Center Input Validation Flaws in Chrome/Firefox Browser Extensions Lets Remote Users Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/99614
  Cisco WebEx Browser Extension CVE-2017-6753 Remote Code Execution Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1038909
  Cisco WebEx Event Center Input Validation Flaws in Chrome/Firefox Browser Extensions Lets Remote Users Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex
  Cisco WebEx Browser Extension Remote Code Execution Vulnerability (Vendor Advisory)