#VU7981 Information disclosure in Cisco Systems, Inc products - CVE-2017-6784
Published: August 16, 2017 / Updated: July 20, 2018
Vulnerability identifier: #VU7981
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6784
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco RV345P Dual WAN Gigabit VPN Router
Cisco RV345 Dual WAN Gigabit VPN Router
Cisco RV340 Dual WAN Gigabit VPN Router
Cisco RV345P Dual WAN Gigabit VPN Router
Cisco RV345 Dual WAN Gigabit VPN Router
Cisco RV340 Dual WAN Gigabit VPN Router
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. A remote attacker can attempt to use the HTTP protocol, read data in the HTTP responses from the Cisco WebEx Meetings Server and find sensitive information about the application.
Successful exploitation of the vulnerability may result in additional reconnaissance attacks.
Remediation
Install update from vendor's website.