Cisco WebEx Meeting Center sc3100 Open Redirect Vulnerability


Description   (:An open redirect vulnerability has been identified in WebEx Meeting Center.:A remote attacker could exploit it by inciting their victims to follow a specially crafted link in order to redirect to a malicious website.::The vulnerability is located in the "BU" parameter of the "/sc3100/m.do" module.::A proof of concept is available.)
     
Vulnerable Products   Vulnerable Software:
WebEx Meeting Center (Cisco) - T28.1
     
Solution   Cisco has released new versions of WebEx Meeting Center which fix this vulnerability.
     
CVE   CVE-2017-3799
     
References   - cisco-sa-20170118-wms4 : Cisco WebEx Meeting Center Site Redirection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Site with open redirect
4.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2017-01-18 

 Target Type 
Client 

 Possible exploit 
Remote