CVE-2018-0109
low-risk
Published 2018-01-18
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that could allow an attacker who is authenticated as root to gain shared secrets. An attacker could exploit the vulnerability by accessing the root account and viewing sensitive information. Successful exploitation could allow the attacker to discover sensitive information about the application. Cisco Bug IDs: CSCvg42664.
Do I need to act?
-
0.25% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.7/10
Low
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/102722
Third Party Advisory
http://www.securitytracker.com/id/1040235
Third Party Advisory
http://www.securityfocus.com/bid/102722
Third Party Advisory
http://www.securitytracker.com/id/1040235
20
/ 100
low-risk
Severity
14/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal