Information disclosure in Cisco WebEx Meetings Server - CVE-2017-6651
Published: May 11, 2017
Vulnerability identifier: #VU6518
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6651
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco WebEx Meetings Server
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to gain access to potentially sensitive information.
The weakness exists due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. A remote attacker can send a specially crafted robots.txt file and access scheduled customer meetings.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-6651
Install the update from the vendor's website.