PatchSiren cyber security CVE debrief

CVE-2017-3797 Cisco CVE debrief

CVE-2017-3797 is an information disclosure issue in Cisco WebEx Meetings Server. An unauthenticated remote attacker could view the fully qualified domain name of the Cisco WebEx administration server. NVD rates the issue CVSS 3.0 5.3/Medium, with confidentiality impact limited and no integrity or availability impact recorded.

Vendor: Cisco
Product: CVE-2017-3797
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-26
Original CVE updated: 2026-05-13
Advisory published: 2017-01-26
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for Cisco WebEx Meetings Server deployments, especially systems running affected 2.7-era releases or exposed administration services.

Technical summary

The vulnerability is categorized as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). NVD lists the attack vector as network-based, with no privileges required and no user interaction (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). The documented impact is limited to disclosure of the administration server's fully qualified domain name. NVD identifies affected CPEs for Cisco WebEx Meetings Server 2.7_base and 2.7.1, and the CVE description calls out known affected releases 2.7.

Defensive priority

Medium priority. This is a remote, unauthenticated information disclosure issue, so it should be addressed through the vendor's guidance during the next normal maintenance cycle, with extra attention if the service is reachable from untrusted networks.

Recommended defensive actions

Review Cisco's advisory for CVE-2017-3797 and apply the vendor-recommended remediation for WebEx Meetings Server.
Inventory Cisco WebEx Meetings Server deployments and confirm whether affected 2.7-era releases are present, including 2.7_base and 2.7.1.
Restrict access to administration interfaces to trusted management networks and minimize external exposure.
Validate that server naming and administrative metadata are not exposed beyond intended administrative users.
Update internal vulnerability tracking and retest the affected systems after remediation.

Evidence notes

Source corpus and official references consistently describe a Cisco WebEx Meetings Server information disclosure issue affecting known release 2.7. NVD lists the weakness as CWE-200 and the CVSS v3 vector as AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. NVD also enumerates vulnerable CPEs for cisco:webex_meetings_server:2.7.1 and cisco:webex_meetings_server:2.7_base. Cisco's security advisory is referenced in the NVD record, along with third-party advisory listings.

Official resources

CVE-2017-3797 CVE record
CVE.org
CVE-2017-3797 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Vendor Advisory

CVE published on 2017-01-26; the NVD record was last modified on 2026-05-13. The vendor advisory referenced by NVD is Cisco Security Advisory cisco-sa-20170118-wms3.