CVE-2018-0110 (CNNVD-201801-612)
中文标题:
Cisco WebEx Meetings Server 安全漏洞
英文标题:
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to acce...
漏洞描述
中文描述:
Cisco WebEx Meetings Server(CWMS)是美国思科(Cisco)公司的WebEx会议方案中的一套包含音频、视频和Web会议的多功能会议解决方案。 CWMS中存在安全漏洞,该漏洞源于程序无法禁用配置用户账户的访问权限。远程攻击者可通过连接远程支持账户利用该漏洞更改服务器配置并获取用户数据的访问权限。
英文描述:
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| cisco | webex_meetings_server | * | - | - |
cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2018-0110 |
2025-11-11 15:19:35 | 2025-11-11 07:34:56 |
| NVD | nvd_CVE-2018-0110 |
2025-11-11 14:55:51 | 2025-11-11 07:43:33 |
| CNNVD | cnnvd_CNNVD-201801-612 |
2025-11-11 15:09:57 | 2025-11-11 07:53:32 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-201801-612
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 8.1
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 0 -> 1
- data_sources: ['cve'] -> ['cve', 'nvd']