Details of VAR-201705-3670

ID

VAR-201705-3670

CVE

CVE-2017-6651

TITLE

Cisco WebEx Meetings Server Vulnerability in obtaining information that allows access to scheduled customer meetings

Trust: 0.8

sources: JVNDB: JVNDB-2017-004127

DESCRIPTION

A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. An information disclosure vulnerability exists in CWMS

Trust: 1.98

sources: NVD: CVE-2017-6651 // JVNDB: JVNDB-2017-004127 // BID: 98387 // VULHUB: VHN-114854

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6_mr1	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6.0	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.7_mr1	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5_mr2	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6_mr3	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5_mr6	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.7.1	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6_mr2	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.8	Trust: 1.1
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.7	Trust: 1.1
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6	Trust: 1.1
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5	Trust: 1.1
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6.1.39	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.7_mr2	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5.99.2	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5.1.29	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5_mr5	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.8_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5_mr4	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.7_base	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5_mr3	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5.1.5	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.5_mr1	Trust: 1.0
vendor:	cisco	model:	webex meetings server sp	scope:	ne	version:	2.81	Trust: 0.3
vendor:	cisco	model:	webex meetings server 2.7mr2 sp	scope:	ne	version:	6	Trust: 0.3
vendor:	cisco	model:	webex meetings server 2.6mr3 sp	scope:	ne	version:	4	Trust: 0.3
vendor:	cisco	model:	webex meetings server 2.5mr6 patch	scope:	ne	version:	6	Trust: 0.3

sources: BID: 98387 // JVNDB: JVNDB-2017-004127 // CNNVD: CNNVD-201705-575 // NVD: CVE-2017-6651

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6651
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6651
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201705-575
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114854
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6651
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114854
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6651
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114854 // JVNDB: JVNDB-2017-004127 // CNNVD: CNNVD-201705-575 // NVD: CVE-2017-6651

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-114854 // JVNDB: JVNDB-2017-004127 // NVD: CVE-2017-6651

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-575

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-575

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004127

PATCH

title:	cisco-sa-20170510-cwms	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms	Trust: 0.8
title:	Cisco WebEx Meetings Server Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70071	Trust: 0.6

sources: JVNDB: JVNDB-2017-004127 // CNNVD: CNNVD-201705-575

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6651	Trust: 2.8
db:	BID	id:	98387	Trust: 2.0
db:	SECTRACK	id:	1038459	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-004127	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-575	Trust: 0.7
db:	VULHUB	id:	VHN-114854	Trust: 0.1

sources: VULHUB: VHN-114854 // BID: 98387 // JVNDB: JVNDB-2017-004127 // CNNVD: CNNVD-201705-575 // NVD: CVE-2017-6651

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170510-cwms	Trust: 2.0
url:	http://www.securityfocus.com/bid/98387	Trust: 1.7
url:	http://www.securitytracker.com/id/1038459	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6651	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6651	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114854 // BID: 98387 // JVNDB: JVNDB-2017-004127 // CNNVD: CNNVD-201705-575 // NVD: CVE-2017-6651

CREDITS

Cisco

Trust: 0.9

sources: BID: 98387 // CNNVD: CNNVD-201705-575

SOURCES

db:	VULHUB	id:	VHN-114854
db:	BID	id:	98387
db:	JVNDB	id:	JVNDB-2017-004127
db:	CNNVD	id:	CNNVD-201705-575
db:	NVD	id:	CVE-2017-6651

LAST UPDATE DATE

2024-11-23T22:49:02.929000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114854	date:	2017-07-08T00:00:00
db:	BID	id:	98387	date:	2017-05-23T16:24:00
db:	JVNDB	id:	JVNDB-2017-004127	date:	2017-06-16T00:00:00
db:	CNNVD	id:	CNNVD-201705-575	date:	2017-05-12T00:00:00
db:	NVD	id:	CVE-2017-6651	date:	2024-11-21T03:30:13.517

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114854	date:	2017-05-16T00:00:00
db:	BID	id:	98387	date:	2017-05-10T00:00:00
db:	JVNDB	id:	JVNDB-2017-004127	date:	2017-06-16T00:00:00
db:	CNNVD	id:	CNNVD-201705-575	date:	2017-05-12T00:00:00
db:	NVD	id:	CVE-2017-6651	date:	2017-05-16T17:29:00.357