cve-2017-6651
Vulnerability from cvelistv5
Published
2017-05-16 17:00
Modified
2024-08-05 15:33
Severity ?
Summary
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/98387Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1038459
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwmsVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98387Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038459
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwmsVendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:33:20.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038459",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038459"
          },
          {
            "name": "98387",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98387"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco WebEx Meetings Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco WebEx Meetings Server"
            }
          ]
        }
      ],
      "datePublic": "2017-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1038459",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038459"
        },
        {
          "name": "98387",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98387"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6651",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco WebEx Meetings Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco WebEx Meetings Server"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038459",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038459"
            },
            {
              "name": "98387",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98387"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6651",
    "datePublished": "2017-05-16T17:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:33:20.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5C7BE43-0F81-4550-813E-66D0844E9291\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5.1.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9043AE98-9A13-46F8-8E8A-BEC9E8EE0843\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5.99.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8289371-84B7-4342-9EA6-2844A9C5DCDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F4AF5A4-1B99-43F8-A659-7C57B033F2A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F492431-5AE7-439F-81F1-B96EAD773E0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EC640D5-C840-4ABB-BD22-9B60BBFE8DD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C9AC0A6-754F-4E20-A1E5-FBEC975D6B9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEB2094F-B0E1-4129-BFD6-9FE1687B0AA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16B75EA6-516D-4550-B83D-E0EFDAA25208\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48A2A712-E8FD-460F-9A3C-3760082B8920\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"932F97E6-5C33-45E4-A425-C511A4D875EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F6F5080-355B-4A85-8DF4-D75D6A550C6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EC4CC18-3321-468F-8350-9304D4F7CCE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E30AA8C-23DB-4190-A82F-EC35C2D0A7A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch3:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABE8D8DD-7496-4F19-AC41-C3EE6B1771A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch4:*:*:*:*:*:*\", \"matchCriteriaId\": \"E72E0470-E136-4053-9CFB-10F1593BBA5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8745FD6-B0B3-46A9-9254-7B13877D7080\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.6.1.39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"794B669D-5A30-49CA-9F35-8F7AA5A2DF62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9881CF16-F617-48DA-8CB8-08C3D943CCD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"368C0D98-DFFA-434E-8416-49F5862D20B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FFFB01B-1B4F-4072-A68C-98C538DE34ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B3F8E05-F2F7-4477-8237-4561A3BE4D91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9309C030-2F02-4E7E-B3E3-035B93DD1E0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8309806-58A6-442D-AAA2-C368A28855DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4A53388-C0C8-41FE-A7D1-670B9B17C02D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABA0048F-B88D-47F6-89D6-B7EDDECBF700\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30ECA8FE-D587-4692-AA90-9706E44BAC1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DCD22A8-7E04-4782-AEB2-07878925A2AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"42642F32-7B85-4CDE-A40E-A309FC98D35D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"396253A5-EC5F-429B-ABF3-20CB0A56E658\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E669D6E2-300B-4A4D-8A71-4B4FA447185E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:2.8_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04698E83-4906-4FD9-81C1-955A6D770898\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en WebEx Meetings Server de Cisco, podr\\u00eda permitir que los atacantes remotos no autenticados consigan informaci\\u00f3n que podr\\u00eda permitirles acceder a las reuniones programadas del cliente. La vulnerabilidad es debido a una configuraci\\u00f3n incompleta del archivo robots.txt en las soluciones WebEx alojadas por el cliente y se produce cuando la funcionalidad Short URL no est\\u00e1 activada. Todas las versiones de WebEx Meetings Server de Cisco posteriores a versi\\u00f3n 2.5MR4 proporcionan esta funcionalidad. Un atacante podr\\u00eda explotar esta vulnerabilidad por medio de un par\\u00e1metro expuesto para buscar informaci\\u00f3n de reuni\\u00f3n indexada. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir al atacante obtener informaci\\u00f3n programada de la reuni\\u00f3n y potencialmente permitir que el atacante asista a las reuniones programadas de los clientes. Esta vulnerabilidad afecta a las siguientes versiones de WebEx Meetings Server de Cisco: 2.5, 2.6, 2.7, 2.8. ID de bug de Cisco: CSCve25950.\"}]",
      "id": "CVE-2017-6651",
      "lastModified": "2024-11-21T03:30:13.517",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-05-16T17:29:00.357",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/98387\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038459\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/98387\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038459\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6651\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2017-05-16T17:29:00.357\",\"lastModified\":\"2024-11-21T03:30:13.517\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en WebEx Meetings Server de Cisco, podr\u00eda permitir que los atacantes remotos no autenticados consigan informaci\u00f3n que podr\u00eda permitirles acceder a las reuniones programadas del cliente. La vulnerabilidad es debido a una configuraci\u00f3n incompleta del archivo robots.txt en las soluciones WebEx alojadas por el cliente y se produce cuando la funcionalidad Short URL no est\u00e1 activada. Todas las versiones de WebEx Meetings Server de Cisco posteriores a versi\u00f3n 2.5MR4 proporcionan esta funcionalidad. Un atacante podr\u00eda explotar esta vulnerabilidad por medio de un par\u00e1metro expuesto para buscar informaci\u00f3n de reuni\u00f3n indexada. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener informaci\u00f3n programada de la reuni\u00f3n y potencialmente permitir que el atacante asista a las reuniones programadas de los clientes. Esta vulnerabilidad afecta a las siguientes versiones de WebEx Meetings Server de Cisco: 2.5, 2.6, 2.7, 2.8. ID de bug de Cisco: CSCve25950.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5C7BE43-0F81-4550-813E-66D0844E9291\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5.1.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9043AE98-9A13-46F8-8E8A-BEC9E8EE0843\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5.99.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8289371-84B7-4342-9EA6-2844A9C5DCDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F4AF5A4-1B99-43F8-A659-7C57B033F2A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F492431-5AE7-439F-81F1-B96EAD773E0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EC640D5-C840-4ABB-BD22-9B60BBFE8DD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C9AC0A6-754F-4E20-A1E5-FBEC975D6B9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEB2094F-B0E1-4129-BFD6-9FE1687B0AA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16B75EA6-516D-4550-B83D-E0EFDAA25208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48A2A712-E8FD-460F-9A3C-3760082B8920\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"932F97E6-5C33-45E4-A425-C511A4D875EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F6F5080-355B-4A85-8DF4-D75D6A550C6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EC4CC18-3321-468F-8350-9304D4F7CCE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E30AA8C-23DB-4190-A82F-EC35C2D0A7A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABE8D8DD-7496-4F19-AC41-C3EE6B1771A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E72E0470-E136-4053-9CFB-10F1593BBA5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8745FD6-B0B3-46A9-9254-7B13877D7080\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.6.1.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"794B669D-5A30-49CA-9F35-8F7AA5A2DF62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9881CF16-F617-48DA-8CB8-08C3D943CCD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"368C0D98-DFFA-434E-8416-49F5862D20B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FFFB01B-1B4F-4072-A68C-98C538DE34ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B3F8E05-F2F7-4477-8237-4561A3BE4D91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9309C030-2F02-4E7E-B3E3-035B93DD1E0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8309806-58A6-442D-AAA2-C368A28855DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4A53388-C0C8-41FE-A7D1-670B9B17C02D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABA0048F-B88D-47F6-89D6-B7EDDECBF700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30ECA8FE-D587-4692-AA90-9706E44BAC1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DCD22A8-7E04-4782-AEB2-07878925A2AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"42642F32-7B85-4CDE-A40E-A309FC98D35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"396253A5-EC5F-429B-ABF3-20CB0A56E658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E669D6E2-300B-4A4D-8A71-4B4FA447185E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:2.8_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04698E83-4906-4FD9-81C1-955A6D770898\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/98387\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038459\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/98387\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038459\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.