Input Validation Vulnerability in Cisco Jabber for Windows Client
CVE-2017-12284

5.5MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Jabber For Windows Client
Vendor
CVE Published:
19 October 2017

What is CVE-2017-12284?

A flaw in the web interface of Cisco Jabber for Windows Client can allow an authenticated local attacker to access sensitive user profile information. This vulnerability arises from inadequate input- and validation-checking mechanisms. By executing targeted commands post-authentication, an attacker may exploit this vulnerability to reveal profile details that should remain restricted, potentially leading to significant data breaches. Relevant Cisco Bug IDs include CSCve14401.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Jabber for Windows Client Cisco Jabber for Windows Client

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039624
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101501
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.