Test ID: 1.3.6.1.4.1.25623.1.0.106596
Category: CISCO
Title: Cisco Meeting Server HTTP Packet Processing Vulnerability
Summary: A vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid session with the Web Bridge.
Description:

Vulnerability Insight:
The vulnerability is due to insufficient input validation of an HTTP request.
An attacker could exploit this vulnerability by sending a crafted HTTP packet to a targeted application.

Vulnerability Impact:
A successful exploit could allow the attacker to retrieve memory contents,
which could lead to the disclosure of confidential information or cause a DoS condition.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-3837
BugTraq ID: 96243
http://www.securityfocus.com/bid/96243
http://www.securitytracker.com/id/1037834
Copyright: Copyright (C) 2017 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.