
====================================================================

                              CERT-Renater

                 Information Note No. 2017/VULN147
_____________________________________________________________________

DATE                : 11/05/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running Cisco WebEx Meetings Server.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms
____________________________________________________________________

Cisco Security Advisory: Cisco WebEx Meetings Server Information
Disclosure Vulnerability

Advisory ID: cisco-sa-20170510-cwms

Revision: 1.0

For Public Release: 2017 May 10 16:00 GMT

Last Updated: 2017 May 10 16:00 GMT

CVE ID(s): CVE-2017-6651

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

+---------------------------------------------------------------------


Summary
=======

A vulnerability in Cisco WebEx Meetings Server could allow
unauthenticated, remote attackers to gain information that could allow
them to access scheduled customer meetings.

The vulnerability is due to an incomplete configuration of the
robots.txt file on customer-hosted WebEx solutions and occurs when the
Short URL functionality is not activated. All releases of Cisco WebEx
Meetings Server later than release 2.5MR4 provide this functionality.
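
As an added illustration (not part of the Cisco advisory and not Cisco's
code), the following Python example audits a robots.txt for the kind of
incomplete configuration described above: paths that some crawler is still
permitted to index. The path names and the crawler list are hypothetical
placeholders, since the advisory does not name the affected paths.

```python
from urllib.robotparser import RobotFileParser

# Hypothetical placeholders: the advisory does not name the affected paths.
SENSITIVE_PATHS = ["/meetings-placeholder/", "/join-placeholder/"]
# Crawlers to evaluate; "OtherBot" stands for any crawler without its own group.
CRAWLERS = ["Googlebot", "bingbot", "OtherBot"]

# Constructed sample: one path is missing from the "*" group, and the
# Googlebot group replaces (does not extend) the "*" group for that crawler.
INCOMPLETE = """\
User-agent: *
Disallow: /meetings-placeholder/

User-agent: Googlebot
Disallow: /admin-placeholder/
"""

# Constructed sample: every group lists every sensitive path.
COMPLETE = """\
User-agent: *
Disallow: /meetings-placeholder/
Disallow: /join-placeholder/

User-agent: Googlebot
Disallow: /admin-placeholder/
Disallow: /meetings-placeholder/
Disallow: /join-placeholder/
"""


def indexable_paths(robots_txt, paths=SENSITIVE_PATHS, crawlers=CRAWLERS):
    """Return (crawler, path) pairs that the given robots.txt leaves crawlable."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [(agent, path)
            for agent in crawlers
            for path in paths
            if parser.can_fetch(agent, path)]


if __name__ == "__main__":
    for name, text in (("incomplete", INCOMPLETE), ("complete", COMPLETE)):
        gaps = indexable_paths(text)
        print(f"{name}: {len(gaps)} gap(s)")
        for agent, path in gaps:
            print(f"  {agent} may crawl {path}")
```

robots.txt only instructs cooperating crawlers; it does not restrict access
to the paths themselves.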

An attacker could exploit this vulnerability via an exposed parameter
to search for indexed meeting information. A successful exploit could
allow the attacker to obtain scheduled meeting information and
potentially allow the attacker to attend scheduled customer meetings.

Cisco has released software updates that address this vulnerability.
Workarounds are available to address this vulnerability. This advisory
is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================



