CVE-2017-6651: Infoleak
First published: Tue May 16 2017(Updated: )
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Webex Meetings Server | =2.5.1.5 | |
| Cisco Webex Meetings Server | =2.5.1.29 | |
| Cisco Webex Meetings Server | =2.5.99.2 | |
| Cisco Webex Meetings Server | =2.5_base | |
| Cisco Webex Meetings Server | =2.5_mr1 | |
| Cisco Webex Meetings Server | =2.5_mr2 | |
| Cisco Webex Meetings Server | =2.5_mr2-patch1 | |
| Cisco Webex Meetings Server | =2.5_mr3 | |
| Cisco Webex Meetings Server | =2.5_mr4 | |
| Cisco Webex Meetings Server | =2.5_mr5 | |
| Cisco Webex Meetings Server | =2.5_mr5-patch1 | |
| Cisco Webex Meetings Server | =2.5_mr6 | |
| Cisco Webex Meetings Server | =2.5_mr6-patch_1 | |
| Cisco Webex Meetings Server | =2.5_mr6-patch2 | |
| Cisco Webex Meetings Server | =2.5_mr6-patch3 | |
| Cisco Webex Meetings Server | =2.5_mr6-patch4 | |
| Cisco Webex Meetings Server | =2.6.0 | |
| Cisco Webex Meetings Server | =2.6.1.39 | |
| Cisco Webex Meetings Server | =2.6_mr1 | |
| Cisco Webex Meetings Server | =2.6_mr1-patch1 | |
| Cisco Webex Meetings Server | =2.6_mr2 | |
| Cisco Webex Meetings Server | =2.6_mr2-patch1 | |
| Cisco Webex Meetings Server | =2.6_mr3 | |
| Cisco Webex Meetings Server | =2.6_mr3-patch1 | |
| Cisco Webex Meetings Server | =2.6_mr3-patch2 | |
| Cisco Webex Meetings Server | =2.7.1 | |
| Cisco Webex Meetings Server | =2.7_base | |
| Cisco Webex Meetings Server | =2.7_mr1 | |
| Cisco Webex Meetings Server | =2.7_mr1-patch1 | |
| Cisco Webex Meetings Server | =2.7_mr2 | |
| Cisco Webex Meetings Server | =2.7_mr2-patch1 | |
| Cisco Webex Meetings Server | =2.8_base |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6651?
CVE-2017-6651 has been rated as a medium severity vulnerability due to its potential to allow unauthorized access to scheduled meetings.
How do I fix CVE-2017-6651?
To mitigate CVE-2017-6651, ensure proper configuration of the robots.txt file in your Cisco WebEx Meetings Server setup.
Who is affected by CVE-2017-6651?
CVE-2017-6651 affects users of various versions of Cisco WebEx Meetings Server, particularly versions 2.5.x and 2.6.x.
Can CVE-2017-6651 be exploited remotely?
Yes, CVE-2017-6651 can be exploited by unauthenticated remote attackers to access sensitive meeting information.
Is there a patch available for CVE-2017-6651?
Yes, Cisco has provided updates to address CVE-2017-6651, and users are advised to apply these patches.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco webex meetings server
- version/cisco webex meetings server/2.5.1.5
- version/cisco webex meetings server/2.5.1.29
- version/cisco webex meetings server/2.5.99.2
- version/cisco webex meetings server/2.5_base
- version/cisco webex meetings server/2.5_mr1
- version/cisco webex meetings server/2.5_mr2
- version/cisco webex meetings server/2.5_mr2-patch1
- version/cisco webex meetings server/2.5_mr3
- version/cisco webex meetings server/2.5_mr4
- version/cisco webex meetings server/2.5_mr5
- version/cisco webex meetings server/2.5_mr5-patch1
- version/cisco webex meetings server/2.5_mr6
- version/cisco webex meetings server/2.5_mr6-patch_1
- version/cisco webex meetings server/2.5_mr6-patch2
- version/cisco webex meetings server/2.5_mr6-patch3
- version/cisco webex meetings server/2.5_mr6-patch4
- version/cisco webex meetings server/2.6.0
- version/cisco webex meetings server/2.6.1.39
- version/cisco webex meetings server/2.6_mr1
- version/cisco webex meetings server/2.6_mr1-patch1
- version/cisco webex meetings server/2.6_mr2
- version/cisco webex meetings server/2.6_mr2-patch1
- version/cisco webex meetings server/2.6_mr3
- version/cisco webex meetings server/2.6_mr3-patch1
- version/cisco webex meetings server/2.6_mr3-patch2
- version/cisco webex meetings server/2.7.1
- version/cisco webex meetings server/2.7_base
- version/cisco webex meetings server/2.7_mr1
- version/cisco webex meetings server/2.7_mr1-patch1
- version/cisco webex meetings server/2.7_mr2
- version/cisco webex meetings server/2.7_mr2-patch1
- version/cisco webex meetings server/2.8_base