Vulnerabilities > CVE-2017-3811 - XXE vulnerability in Cisco Webex Meetings Server 2.6

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cisco

CWE-611

NVD

Published: 2017-03-17

Updated: 2017-07-12

Summary

An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Webex Meetings Server 2.6	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

http://www.securityfocus.com/bid/96912
http://www.securitytracker.com/id/1038042
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wms