CVE-2017-12249

{"id": "CVE-2017-12249", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2017-09-13T22:29:00.207", "references": [{"url": "http://www.securityfocus.com/bid/100821", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1039357", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170913-cmsturn", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/100821", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1039357", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170913-cmsturn", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-16"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system, depending on the deployment model and CMS services in use. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster in an affected system or gain unauthorized access to sensitive meeting information in an affected system. To exploit this vulnerability, the attacker must have valid credentials for the TURN server of the affected system. This vulnerability affects Cisco Meeting Server (CMS) deployments that are running a CMS Software release prior to Release 2.0.16, 2.1.11, or 2.2.6. Cisco Bug IDs: CSCvf51127."}, {"lang": "es", "value": "Una vulnerabilidad en el servidor TURN (Traversal Using Relay NAT) incluido en Cisco Meeting Server (CMS) podr\u00eda permitir que un atacante autenticado remoto obtenga acceso no autorizado o no autenticado a componentes o informaci\u00f3n sensible de un sistema afectado. La vulnerabilidad se debe a una configuraci\u00f3n por defecto incorrecta del servidor TURN, lo que podr\u00eda exponer puertos e interfaces internos en la interfaz externa de un sistema afectado. Un atacante podr\u00eda explotar esta vulnerabilidad utilizando un servidor TURN para realizar una conexi\u00f3n no autorizada a un Call Bridge, un Web Bridge o un cl\u00faster de bases de datos en un sistema afectado, dependiendo del modelo de despliegue y los servicios CMS en uso. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante obtener acceso no autenticado a un Call Bridge o un cl\u00faster de bases de datos en un sistema afecado, o acceso no autorizado a informaci\u00f3n de reuniones sensible en un sistema afectado. Para explotar esta vulnerabilidad, el atacante debe poseer las credenciales v\u00e1lidas para el servidor TURN del sistema afectado. Esta vulnerabilidad afecta a los despliegues de Cisco Meeting Server (CMS) que est\u00e9n ejecutando un lanzamiento del software de CMS anterior al 2.0.16, 2.1.11 o 2.2.6. Cisco Bug IDs: CSCvf51127."}], "lastModified": "2024-11-21T03:09:07.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:meeting_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A20F8707-43C8-473D-8656-C33DD4E0C4E0", "versionEndIncluding": "2.0.15"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B310B39B-7D5D-4533-9FE6-5F47985E35B0"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2720CCF-3B73-4268-94C7-9AE3D1ECAC75"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E7F9D72-0801-43B5-A64D-14E21DFC0851"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46F5D443-3345-42B6-8EC9-5F010785D5A2"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95ECDC6B-C793-4015-A40F-152A840E6417"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FD13161-9DE7-4183-BBA3-877E83E9DD89"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AD40AE1-65C6-421B-93EB-12EEE1AF55DB"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B4E022B-7CC9-4CDC-BC75-FAAFD641A202"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09489D1A-97AB-468F-AA47-33C23D08ED95"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E050F7-7AE7-4B3E-BAFA-4CE00F3DAEA3"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "395AD9EC-465B-47A9-8D7A-05C52CBD4509"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E377BED5-DC33-44C4-A75E-73971A13C211"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5836B782-DBFC-411B-82CE-BB712B920A6A"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE719DD3-DAA4-4AE8-94D6-96201F117F3D"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7CCB9AE-494E-4AD6-ABF4-87A02D54FF97"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91F5474C-C206-4F2D-841A-A0DD6881DDBF"}, {"criteria": "cpe:2.3:a:cisco:meeting_server:2.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6778DD12-81FF-4D24-8355-E2BF9085CDA0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}