CVE-2017-6651

A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
ciscowebex_meetings_server
2.5.1.5
ciscowebex_meetings_server
2.5.1.29
ciscowebex_meetings_server
2.5.99.2
ciscowebex_meetings_server
2.5_base:_base
ciscowebex_meetings_server
2.5_mr1:_mr1
ciscowebex_meetings_server
2.5_mr2:_mr2
ciscowebex_meetings_server
2.5_mr2:_mr2
ciscowebex_meetings_server
2.5_mr3:_mr3
ciscowebex_meetings_server
2.5_mr4:_mr4
ciscowebex_meetings_server
2.5_mr5:_mr5
ciscowebex_meetings_server
2.5_mr5:_mr5
ciscowebex_meetings_server
2.5_mr6:_mr6
ciscowebex_meetings_server
2.5_mr6:_mr6
ciscowebex_meetings_server
2.5_mr6:_mr6
ciscowebex_meetings_server
2.5_mr6:_mr6
ciscowebex_meetings_server
2.5_mr6:_mr6
ciscowebex_meetings_server
2.6.0
ciscowebex_meetings_server
2.6.1.39
ciscowebex_meetings_server
2.6_mr1:_mr1
ciscowebex_meetings_server
2.6_mr1:_mr1
ciscowebex_meetings_server
2.6_mr2:_mr2
ciscowebex_meetings_server
2.6_mr2:_mr2
ciscowebex_meetings_server
2.6_mr3:_mr3
ciscowebex_meetings_server
2.6_mr3:_mr3
ciscowebex_meetings_server
2.6_mr3:_mr3
ciscowebex_meetings_server
2.7.1
ciscowebex_meetings_server
2.7_base:_base
ciscowebex_meetings_server
2.7_mr1:_mr1
ciscowebex_meetings_server
2.7_mr1:_mr1
ciscowebex_meetings_server
2.7_mr2:_mr2
ciscowebex_meetings_server
2.7_mr2:_mr2
ciscowebex_meetings_server
2.8_base:_base
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98387
http://www.securitytracker.com/id/1038459
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms
http://www.securityfocus.com/bid/98387
http://www.securitytracker.com/id/1038459
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms