CVE-2017-6651
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.
Una vulnerabilidad en WebEx Meetings Server de Cisco, podría permitir que los atacantes remotos no autenticados consigan información que podría permitirles acceder a las reuniones programadas del cliente. La vulnerabilidad es debido a una configuración incompleta del archivo robots.txt en las soluciones WebEx alojadas por el cliente y se produce cuando la funcionalidad Short URL no está activada. Todas las versiones de WebEx Meetings Server de Cisco posteriores a versión 2.5MR4 proporcionan esta funcionalidad. Un atacante podría explotar esta vulnerabilidad por medio de un parámetro expuesto para buscar información de reunión indexada. Una explotación con éxito podría permitir al atacante obtener información programada de la reunión y potencialmente permitir que el atacante asista a las reuniones programadas de los clientes. Esta vulnerabilidad afecta a las siguientes versiones de WebEx Meetings Server de Cisco: 2.5, 2.6, 2.7, 2.8. ID de bug de Cisco: CSCve25950.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-03-09 CVE Reserved
- 2017-05-16 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/98387 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038459 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms | 2017-07-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5.1.5 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5.1.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5.1.29 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5.1.29" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5.99.2 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5.99.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_base Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr1 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr2 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr2 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr2" | patch1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr3 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr4 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr5 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr5 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr5" | patch1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr6 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr6 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr6" | patch_1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr6 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr6" | patch2 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr6 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr6" | patch3 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.5_mr6 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.5_mr6" | patch4 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.6.0 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.6.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.6.1.39 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.6.1.39" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.6_mr1 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.6_mr1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.6_mr1 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.6_mr1" | patch1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.6_mr2 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.6_mr2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.6_mr2 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.6_mr2" | patch1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.6_mr3 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.6_mr3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.6_mr3 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.6_mr3" | patch1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.6_mr3 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.6_mr3" | patch2 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.7.1 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.7.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.7_base Search vendor "Cisco" for product "Webex Meetings Server" and version "2.7_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.7_mr1 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.7_mr1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.7_mr1 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.7_mr1" | patch1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.7_mr2 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.7_mr2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.7_mr2 Search vendor "Cisco" for product "Webex Meetings Server" and version "2.7_mr2" | patch1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Webex Meetings Server Search vendor "Cisco" for product "Webex Meetings Server" | 2.8_base Search vendor "Cisco" for product "Webex Meetings Server" and version "2.8_base" | - |
Affected
| ||||||