How severe is CVE-2017-12224?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2017-12224?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2017-12224 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the configuration setting Guest access via hyperlinks, which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a crafted hyperlink to connect to a meeting. An exploit could allow the attacker to connect directly to the meeting with a hyperlink, even though access should be denied. The attacker would still require a valid hyperlink and encoded secret identifier to be connected. Cisco Bug IDs: CSCve20873.

Related Vulnerabilities

CVE-2008-3474

MEDIUM

CVSS:6.5(Medium)

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy a...

CWE-2002008

CVE-2008-5083

MEDIUM

CVSS:6.5(Medium)

In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.

CWE-2002008

CVE-2010-0488

MEDIUM

CVSS:6.5(Medium)

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive infor...

CWE-2002010

CVE-2010-3330

MEDIUM

CVSS:6.5(Medium)

Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a...

CWE-2002010

CVE-2010-3664

MEDIUM

CVSS:6.5(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.

CWE-2002010

CVE-2010-3917

MEDIUM

CVSS:6.5(Medium)

Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.

CWE-2002010