Executive Summary
| Summary | |
|---|---|
| Title | Cisco WebEx Meetings Server Information Disclosure Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20170510-cwms | First vendor Publication | 2017-05-10 |
| Vendor | Cisco | Last vendor Modification | 2017-05-10 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. Cisco has released software updates that address this vulnerability. Workarounds are available to address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJZEzteZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHl5PQ/+NTMgOdR3YgFXjI+f qKbt7OsZrgn/0rUA9Q8pdsYp8BlSbWGzzw9DuLt6L6UiFr5OJIq0RxnuCBX+K/K8 +/kcZy2eq5dcIg7vrInF0mQ3X1i0eRc2HntCpcCTUM9e5D/VilBMftRKrBKOJ+j +chnBVzulwhtgrvl5sy9esuKXC6Y/F3rg58AsHxUTry67Ua7Ms1AiS81d42yyDxPA Pce1xYpDvSvpXU3i0DvlkhDCkCksiuQeYlQC07bsK3Cm0M+F5bz8X+DekxB9JuNy CHtR3KnLK8pDYENem7lbRllkVCeQDU7CbOcsnAe2Us6B3z3M/WaDdCm1f+ZiXDn5 rlaBmNyqtJsb7S7Yfzla17tneyvdT5+pAvs71ZcIlsID6i2KyG4VzvslY9XwxxbF C+yO+iVi0RZ5c7NWP25Mbmn4H6P+gztbF8PcJDLmJXF1aRJnzyH4x1Nns4E5i75t Y+jCt11BZbLKKcZPl8WZbC/NmwgcMVTp4KWsdNHVu0868qc5vhZwrAwXrhpYgnrK VvzDB8QDr4x220gLk7Xwy/eYbTOept9SlcWQNqRVItZOIoRsYtKlc6mlPpjCsZXR VUCSqmKq8K+nmbgSaatdvcCFCZj+GSYkE71/W3eJXrn6UkvfzK88I5pBFe4MM5JQ wGfBZigKONrWhFMnvP5MxxLBCDE= =2751 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Alert History
| Date | Informations |
|---|---|
| 2017-05-25 21:25:13 |
|
| 2017-05-16 21:24:06 |
|
| 2017-05-10 21:22:02 |
|
