Information disclosure in Cisco WebEx Meetings Server - CVE-2017-3811

 


Published: March 16, 2017


Vulnerability identifier: #VU6085
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-3811
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco WebEx Meetings Server

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper handling of XML External Entity (XXE) references when parsing an XML file. A remote unauthenticated attacker can trick the victim into opening a specially crafted XML file and gain read access to part of the information stored on the affected system.

Successful exploitation of this vulnerability results in information disclosure.


How to mitigate CVE-2017-3811

Update to version 2.7.1.2054.
