Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-12361

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber for Windows handles random number generation for file folders. An attacker could exploit the vulnerability by fixing the random number data used to establish Secure Sockets Layer (SSL) connections between clients. An exploit could allow the attacker to decrypt secure communications made by the Cisco Jabber for Windows client. Cisco Bug IDs: CSCve44806.

Published

2017-11-30T09:29:01.353

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 4.0 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-200
  • Type: Primary
    CWE-330
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco jabber 11.8\(0\) Yes
Application cisco jabber 11.8\(1\) Yes
Application cisco jabber 11.8\(2\) Yes
Application cisco jabber 11.8\(3\) Yes
References