CVE-2017-12286

Name of the Vulnerable Software and Affected Versions Cisco Jabber versions prior to 1.9.31

Description A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information, leading to the disclosure of confidential information. This is due to a lack of input and validation checks in the affected software. An attacker could exploit this by authenticating locally and issuing specific commands to retrieve all profile information for a user, instead of only certain visible Jabber parameters.

Recommendations For versions prior to 1.9.31, update to Release 1.9.31 or later to resolve the issue. As a temporary workaround, consider restricting local access to the affected system to minimize the risk of exploitation.