{"containers": {"cna": {"affected": [{"product": "Cisco WebEx Meetings Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco WebEx Meetings Server"}]}], "datePublic": "2017-05-16T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-07-07T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1038459", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038459"}, {"name": "98387", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98387"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6651", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco WebEx Meetings Server", "version": {"version_data": [{"version_value": "Cisco WebEx Meetings Server"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "1038459", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038459"}, {"name": "98387", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98387"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:33:20.479Z"}, "title": "CVE Program Container", "references": [{"name": "1038459", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038459"}, {"name": "98387", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98387"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6651", "datePublished": "2017-05-16T17:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-08-05T15:33:20.479Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "D5C7BE43-0F81-4550-813E-66D0844E9291", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.1.29:*:*:*:*:*:*:*", "matchCriteriaId": "9043AE98-9A13-46F8-8E8A-BEC9E8EE0843", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "A8289371-84B7-4342-9EA6-2844A9C5DCDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*", "matchCriteriaId": "9F4AF5A4-1B99-43F8-A659-7C57B033F2A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr1:*:*:*:*:*:*:*", "matchCriteriaId": "2F492431-5AE7-439F-81F1-B96EAD773E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:*:*:*:*:*:*:*", "matchCriteriaId": "2EC640D5-C840-4ABB-BD22-9B60BBFE8DD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:patch1:*:*:*:*:*:*", "matchCriteriaId": "9C9AC0A6-754F-4E20-A1E5-FBEC975D6B9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr3:*:*:*:*:*:*:*", "matchCriteriaId": "FEB2094F-B0E1-4129-BFD6-9FE1687B0AA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr4:*:*:*:*:*:*:*", "matchCriteriaId": "16B75EA6-516D-4550-B83D-E0EFDAA25208", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:*:*:*:*:*:*:*", "matchCriteriaId": "48A2A712-E8FD-460F-9A3C-3760082B8920", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:patch1:*:*:*:*:*:*", "matchCriteriaId": "932F97E6-5C33-45E4-A425-C511A4D875EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:*:*:*:*:*:*:*", "matchCriteriaId": "8F6F5080-355B-4A85-8DF4-D75D6A550C6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch_1:*:*:*:*:*:*", "matchCriteriaId": "2EC4CC18-3321-468F-8350-9304D4F7CCE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch2:*:*:*:*:*:*", "matchCriteriaId": "4E30AA8C-23DB-4190-A82F-EC35C2D0A7A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch3:*:*:*:*:*:*", "matchCriteriaId": "ABE8D8DD-7496-4F19-AC41-C3EE6B1771A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:patch4:*:*:*:*:*:*", "matchCriteriaId": "E72E0470-E136-4053-9CFB-10F1593BBA5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8745FD6-B0B3-46A9-9254-7B13877D7080", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6.1.39:*:*:*:*:*:*:*", "matchCriteriaId": "794B669D-5A30-49CA-9F35-8F7AA5A2DF62", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:*:*:*:*:*:*:*", "matchCriteriaId": "9881CF16-F617-48DA-8CB8-08C3D943CCD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:patch1:*:*:*:*:*:*", "matchCriteriaId": "368C0D98-DFFA-434E-8416-49F5862D20B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:*:*:*:*:*:*:*", "matchCriteriaId": "4FFFB01B-1B4F-4072-A68C-98C538DE34ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:patch1:*:*:*:*:*:*", "matchCriteriaId": "9B3F8E05-F2F7-4477-8237-4561A3BE4D91", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:*:*:*:*:*:*:*", "matchCriteriaId": "9309C030-2F02-4E7E-B3E3-035B93DD1E0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch1:*:*:*:*:*:*", "matchCriteriaId": "D8309806-58A6-442D-AAA2-C368A28855DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:patch2:*:*:*:*:*:*", "matchCriteriaId": "D4A53388-C0C8-41FE-A7D1-670B9B17C02D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "ABA0048F-B88D-47F6-89D6-B7EDDECBF700", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*", "matchCriteriaId": "30ECA8FE-D587-4692-AA90-9706E44BAC1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:*:*:*:*:*:*:*", "matchCriteriaId": "6DCD22A8-7E04-4782-AEB2-07878925A2AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:patch1:*:*:*:*:*:*", "matchCriteriaId": "42642F32-7B85-4CDE-A40E-A309FC98D35D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:*:*:*:*:*:*:*", "matchCriteriaId": "396253A5-EC5F-429B-ABF3-20CB0A56E658", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:patch1:*:*:*:*:*:*", "matchCriteriaId": "E669D6E2-300B-4A4D-8A71-4B4FA447185E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.8_base:*:*:*:*:*:*:*", "matchCriteriaId": "04698E83-4906-4FD9-81C1-955A6D770898", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950."}, {"lang": "es", "value": "Una vulnerabilidad en WebEx Meetings Server de Cisco, podr\u00eda permitir que los atacantes remotos no autenticados consigan informaci\u00f3n que podr\u00eda permitirles acceder a las reuniones programadas del cliente. La vulnerabilidad es debido a una configuraci\u00f3n incompleta del archivo robots.txt en las soluciones WebEx alojadas por el cliente y se produce cuando la funcionalidad Short URL no est\u00e1 activada. Todas las versiones de WebEx Meetings Server de Cisco posteriores a versi\u00f3n 2.5MR4 proporcionan esta funcionalidad. Un atacante podr\u00eda explotar esta vulnerabilidad por medio de un par\u00e1metro expuesto para buscar informaci\u00f3n de reuni\u00f3n indexada. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener informaci\u00f3n programada de la reuni\u00f3n y potencialmente permitir que el atacante asista a las reuniones programadas de los clientes. Esta vulnerabilidad afecta a las siguientes versiones de WebEx Meetings Server de Cisco: 2.5, 2.6, 2.7, 2.8. ID de bug de Cisco: CSCve25950."}], "id": "CVE-2017-6651", "lastModified": "2017-07-08T01:29:14.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-16T17:29:00.357", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98387"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1038459"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}