CVE-2017-6651

Name: CVE-2017-6651
Creator: NVD / NIST
Published: 2017-05-16T17:29:00.357+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.02%

Last modified Jun 17, 2026

CVE-2017-6651 is a vulnerability of currently unknown severity. A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. EPSS estimates a 2.02% chance of exploitation in the next 30 days.

Description

A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.

Metrics

EPSS Probability

2.02%

78.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Webex Meetings Server	2.5.1.5
Cisco	Webex Meetings Server	2.5.1.29
Cisco	Webex Meetings Server	2.5.99.2
Cisco	Webex Meetings Server	2.5_base
Cisco	Webex Meetings Server	2.5_mr1
Cisco	Webex Meetings Server	2.5_mr2
Cisco	Webex Meetings Server	2.5_mr3
Cisco	Webex Meetings Server	2.5_mr4
Cisco	Webex Meetings Server	2.5_mr5
Cisco	Webex Meetings Server	2.5_mr6
Cisco	Webex Meetings Server	2.6.0
Cisco	Webex Meetings Server	2.6.1.39
Cisco	Webex Meetings Server	2.6_mr1
Cisco	Webex Meetings Server	2.6_mr2
Cisco	Webex Meetings Server	2.6_mr3
Cisco	Webex Meetings Server	2.7.1
Cisco	Webex Meetings Server	2.7_base
Cisco	Webex Meetings Server	2.7_mr1
Cisco	Webex Meetings Server	2.7_mr2
Cisco	Webex Meetings Server	2.8_base

References

http://www.securityfocus.com/bid/98387Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038459
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwmsVendor Advisory
http://www.securityfocus.com/bid/98387Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038459
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwmsVendor Advisory

Timeline

Published: May 16, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-6651?

How severe is CVE-2017-6651?

Severity scoring for CVE-2017-6651 is pending analysis. The EPSS model estimates a 2.02% probability of exploitation in the next 30 days.

How do I fix CVE-2017-6651?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-6651?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST