CVE-2017-12224 (CNNVD-201709-225)
中文标题:
Cisco Meeting Server 信息泄露漏洞
英文标题:
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting S...
漏洞描述
中文描述:
Cisco Meeting Server(前称Acano Conferencing Server,CMS)是美国思科(Cisco)公司的一套包含音频、视频的会议服务器软件。 CMS中存在信息泄露漏洞。远程攻击者可通过特制的超链接利用该漏洞直接连接到会议上。
英文描述:
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the configuration setting Guest access via hyperlinks, which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a crafted hyperlink to connect to a meeting. An exploit could allow the attacker to connect directly to the meeting with a hyperlink, even though access should be denied. The attacker would still require a valid hyperlink and encoded secret identifier to be connected. Cisco Bug IDs: CSCve20873.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| cisco | meeting_server | - | - | - |
cpe:2.3:a:cisco:meeting_server:-:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2017-12224 |
2025-11-11 15:19:17 | 2025-11-11 07:34:33 |
| NVD | nvd_CVE-2017-12224 |
2025-11-11 14:55:31 | 2025-11-11 07:43:12 |
| CNNVD | cnnvd_CNNVD-201709-225 |
2025-11-11 15:09:53 | 2025-11-11 07:53:17 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 信息泄露
- cnnvd_id: 未提取 -> CNNVD-201709-225
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 6.5
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 0 -> 1
- data_sources: ['cve'] -> ['cve', 'nvd']