Vulnerability in Cisco Spark Hybrid Calendar Service Exposes Sensitive Data
CVE-2017-12310
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 27 March 2018
What is CVE-2017-12310?
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could enable an unauthenticated, remote attacker to view sensitive information present in unencrypted HTTP request headers. Specifically, during the implementation of the Hybrid Calendar service, unencrypted requests are made, allowing attackers to intercept and monitor network traffic. This exploit allows unauthorized access to sensitive customer data, including email and calendar events for Office365 users, exposing them to potential further attacks. For more details, consult Cisco's advisory on the matter.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Cisco Spark Hybrid Calendar Service Cisco Spark Hybrid Calendar Service
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved