How severe is CVE-2017-12266?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2017-12266?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2017-12266

MEDIUM Year: 2017

CVSS v3 Score

4.2

Medium

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-264

View all →

Vulnerability Description

A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL files before they are loaded. An attacker could exploit this vulnerability by installing a crafted DLL file in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to those of Cisco Meeting App. The attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvd77907.

CVE-2015-5233

MEDIUM

CVSS:4.2(Medium)

Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary ho...

CWE-2642015

CVE-2019-14879

MEDIUM

CVSS:4.2(Medium)

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoke...

CWE-2642019

CVE-2019-1727

MEDIUM

CVSS:4.2(Medium)

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker'...

CWE-2642019

CVE-2014-6276

MEDIUM

CVSS:4.3(Medium)

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing ...

CWE-2642014

CVE-2015-0861

MEDIUM

CVSS:4.3(Medium)

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write ...

CWE-2642015

CVE-2015-3273

MEDIUM

CVSS:4.3(Medium)

mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated u...

CWE-2642015

CVE-2017-12266

Vulnerability Description

Related Vulnerabilities

CVE-2015-5233

CVE-2019-14879

CVE-2019-1727

CVE-2014-6276

CVE-2015-0861

CVE-2015-3273