CVE-2017-12361
Last modified
CVE-2017-12361 is a vulnerability of currently unknown severity. A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber for Windows handles random number generation for file folders. An attacker could exploit the vulnerability by fixing the random number data used to establish Secure Sockets Layer (SSL) connections between clients. An exploit could allow the attacker to decrypt secure communications made by the Cisco Jabber for Windows client. Cisco Bug IDs: CSCve44806.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Jabber | 11.8\(0\) |
| Cisco | Jabber | 11.8\(1\) |
| Cisco | Jabber | 11.8\(2\) |
| Cisco | Jabber | 11.8\(3\) |
References
- http://www.securityfocus.com/bid/101994Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039915Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/101994Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039915Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-12361?
How severe is CVE-2017-12361?
How do I fix CVE-2017-12361?
Are you affected by CVE-2017-12361?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST