-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco WebEx Meetings Server Information Disclosure Vulnerability
Advisory ID: cisco-sa-20170510-cwms
Revision: 1.0
For Public Release: 2017 May 10 16:00 GMT
Last Updated: 2017 May 10 16:00 GMT
CVE ID(s): CVE-2017-6651
CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+---------------------------------------------------------------------
Summary
=======
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings.
The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality.
An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled customer meetings.
Cisco has released software updates that address this vulnerability. Workarounds are available to address this vulnerability. This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
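
Added example, not part of the Cisco advisory: a defender-side check that reports which sensitive paths a robots.txt file still leaves open to crawlers, the kind of incomplete configuration the Summary names as the cause. The path prefixes, crawler names and sample files are constructed placeholders, because the advisory does not name the affected paths or parameter; the SHADOWED sample goes beyond the advisory to show a named crawler group replacing the wildcard rules.

```python
from urllib.robotparser import RobotFileParser

# Hypothetical values: the advisory does not list the affected paths.
SENSITIVE_PATHS = ["/example-meetings/join", "/example-meetings/schedule"]
CRAWLERS = ["Googlebot", "bingbot", "ExampleCrawler"]


def crawlable_paths(robots_txt, paths=SENSITIVE_PATHS, agents=CRAWLERS):
    """Return sorted (agent, path) pairs that robots.txt still permits."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return sorted((agent, path)
                  for agent in agents
                  for path in paths
                  if parser.can_fetch(agent, path))


# Constructed sample: the meeting paths were never listed.
INCOMPLETE = """\
User-agent: *
Disallow: /admin/
"""

# Constructed sample: a crawler that matches a named group uses only that
# group, so the wildcard Disallow below does not apply to Googlebot.
SHADOWED = """\
User-agent: Googlebot
Disallow: /admin/

User-agent: *
Disallow: /example-meetings/
"""

# Constructed sample: every crawler falls under a rule covering the paths.
COMPLETE = """\
User-agent: *
Disallow: /admin/
Disallow: /example-meetings/
"""

if __name__ == "__main__":
    samples = [("incomplete", INCOMPLETE), ("shadowed", SHADOWED),
               ("complete", COMPLETE)]
    for name, text in samples:
        gaps = crawlable_paths(text)
        print(f"{name}: {len(gaps)} crawlable sensitive path(s)")
        for agent, path in gaps:
            print(f"  {agent} may index {path}")
```

robots.txt only asks compliant crawlers not to index a path and does not restrict access to it, so a clean result here complements the software updates the advisory refers to and does not replace them.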