Cisco Meeting Server HTTP Packet Processing Vulnerability (CVE-2017-3837)

A vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid session with the Web Bridge.

Cisco 会议服务器（CMS，原名 Acano 会议服务器）的 Web 桥接接口存在一处漏洞，该漏洞可能使经过身份验证的远程攻击者获取内存内容，进而可能导致机密信息的泄露。此外，攻击者可能意外导致应用程序崩溃，从而引发服务拒绝（DoS）状况。攻击者必须经过身份验证，并拥有有效的 Web 桥接会话。