CVE-2017-6651 — Sensitive Information Exposure in Cisco Webex Meetings Server

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 36.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Server Cisco Webex Meetings Server

Timeline

PublishedMay 16

Latest updateMay 17

Description

A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/webex_meetings_server20 versions+19

▶CVEListV5cisco/cisco_webex_meetings_serverCisco WebEx Meetings Server

🔴Vulnerability Details

GHSA

GHSA-7mmm-cmfg-5466: A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access sched↗2022-05-17

▶

CVEList

CVE-2017-6651: A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access sched↗2017-05-16

▶

📋Vendor Advisories

Cisco

Cisco WebEx Meetings Server Information Disclosure Vulnerability↗2017-05-10

▶