===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.0157
Multiple vulnerabilities have been identified in Cisco WebEx Meetings Server
19 January 2017

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cisco WebEx Meetings Server
Publisher:         Cisco Systems
Operating System:  Cisco Virtualisation
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Cross-site Request Forgery      -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote with User Interaction
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-3799 CVE-2017-3797 CVE-2017-3796
                   CVE-2017-3795 CVE-2017-3794

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4

Comment: This bulletin contains five (5) Cisco Systems security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

Medium

Advisory ID: cisco-sa-20170118-wms
First Published: 2017 January 18 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCuz03317
CVE-2017-3794
CWE-352
CVSS Score: Base 5.3, Temporal 5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X

Summary

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user.

The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow an attacker to submit arbitrary requests to the affected device via the Administration pages with the privileges of the user.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms

Affected Products

Vulnerable Products

Cisco WebEx Meetings Server is vulnerable.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this vulnerability.

Details

Cisco WebEx Meetings Server is a highly secure, high-availability, fully virtualized, behind-the-firewall conferencing solution that combines audio, video, and web conferencing in a single solution. Cisco WebEx Meetings Server is optimized for the bring-your-own-device (BYOD) enterprise, so users can sign in more securely, host, and join meetings from mobile devices or Internet-connected PCs without requiring VPN access to the corporate network.

Workarounds

For additional information about cross-site request forgery attacks and potential mitigation methods, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Request Forgery Threat Vector.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2017-January-18

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

---

Cisco Security Advisory

Cisco WebEx Meetings Server Arbitrary Password Change Vulnerability

Medium

Advisory ID: cisco-sa-20170118-wms1
First Published: 2017 January 18 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCuz03345
CVE-2017-3795
CWE-255
CVSS Score: Base 5.4, Temporal 5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X

Summary

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user.

The vulnerability is due to insufficient parameter string security. An attacker could exploit this vulnerability by creating a password-protected meeting and utilizing system-provided parameters to change a non-administrative user password. A successful exploit could allow an attacker to change the password of a targeted user.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1

Affected Products

Vulnerable Products

Cisco WebEx Meetings Server is vulnerable.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this vulnerability.

Details

Cisco WebEx Meetings Server is a highly secure, high-availability, fully virtualized, behind-the-firewall conferencing solution that combines audio, video, and web conferencing in a single solution. Cisco WebEx Meetings Server is optimized for the bring-your-own-device (BYOD) enterprise, so users can sign in more securely, host, and join meetings from mobile devices or Internet-connected PCs without requiring VPN access to the corporate network.

Workarounds

There are no workarounds available.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2017-January-18

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

---

Cisco Security Advisory

Cisco WebEx Meetings Server Command Bypass Vulnerability

Medium

Advisory ID: cisco-sa-20170118-wms2
First Published: 2017 January 18 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCuz03353
CVE-2017-3796
CWE-78
CVSS Score: Base 5.4, Temporal 5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X

Summary

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts.

The vulnerability is due to insufficient security configurations of bash in interactive mode. An attacker could exploit this vulnerability by connecting to a host as root and then connecting to another host via SSH and issuing predetermined shell commands. A successful exploit could allow an attacker to execute commands as root on any other Cisco WebEx Meeting Server host.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2

Affected Products

Vulnerable Products

Cisco WebEx Meetings Server is vulnerable.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this vulnerability.

Details

Cisco WebEx Meetings Server is a highly secure, high-availability, fully virtualized, behind-the-firewall conferencing solution that combines audio, video, and web conferencing in a single solution. Cisco WebEx Meetings Server is optimized for the bring-your-own-device (BYOD) enterprise, so users can sign in more securely, host, and join meetings from mobile devices or Internet-connected PCs without requiring VPN access to the corporate network.

Workarounds

There are no workarounds available.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2017-January-18

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

---

Cisco Security Advisory

Cisco WebEx Meetings Server Information Disclosure Vulnerability

Medium

Advisory ID: cisco-sa-20170118-wms3
First Published: 2017 January 18 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvb60655
CVE-2017-3797
CWE-200
CVSS Score: Base 5.3, Temporal 5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X

Summary

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server.

The vulnerability is due to insufficient masking of sensitive data in the HTTP response. An attacker could exploit this vulnerability by issuing specific HTTP requests. An exploit could allow the attacker to view the fully qualified domain name of the server.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3

Affected Products

Vulnerable Products

Cisco WebEx Meetings Server is affected.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this vulnerability.

Workarounds

Workarounds are not available.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2017-January-18

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

---

Cisco Security Advisory

Cisco WebEx Meeting Center Site Redirection Vulnerability

Medium

Advisory ID: cisco-sa-20170118-wms4
First Published: 2017 January 18 16:00 GMT
Version 1.0: Final
Workarounds: Yes
Cisco Bug IDs: CSCzu78401
CVE-2017-3799
CWE-22
CVSS Score: Base 5.0, Temporal 5.0
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X

Summary

A vulnerability in a URL parameter of Cisco WebEx could allow an unauthenticated, remote attacker to perform site redirection.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including a remote site URL in the affected parameter of the Cisco WebEx URL. An exploit could allow the attacker to redirect a user to a malicious website. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4

Affected Products

Vulnerable Products

Cisco WebEx Meeting Center is affected.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this vulnerability.

Workarounds

Currently, customers may contact WebEx Support to request that the Enforce BACKURL Domain Names selection be checked to disable redirection. In later releases, customers will be able to configure this functionality from the Administrator panel.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

This vulnerability was reported by Lawrence Amer.

Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2017-January-18

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================