Main Vulnerability Database SB2017081710

SB2017081710 - Information disclosure in Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers

Published: August 17, 2017

Security Bulletin ID SB2017081710

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2017-6784)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. A remote attacker can attempt to use the HTTP protocol, read data in the HTTP responses from the Cisco WebEx Meetings Server and find sensitive information about the application.

Successful exploitation of the vulnerability may result in additional reconnaissance attacks.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr