Sign-up

ID

VAR-201705-3661


CVE

CVE-2017-6642


TITLE

Cisco Remote Expert Manager Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2017-004205

DESCRIPTION

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52856. Vendors have confirmed this vulnerability Bug ID CSCvc52856 It is released as.Information may be obtained. This may result in further attacks. The software features collaboration features such as remote screen sharing, screen annotation, and session recording

Trust: 1.98

sources: NVD: CVE-2017-6642 // JVNDB: JVNDB-2017-004205 // BID: 98534 // VULHUB: VHN-114845

AFFECTED PRODUCTS

vendor:ciscomodel:remote expert managerscope:eqversion:11.0.0

Trust: 1.6

vendor:ciscomodel:remote expert manager softwarescope:eqversion:11.0.0

Trust: 0.8

vendor:ciscomodel:remote expert managerscope:eqversion:11.0

Trust: 0.3

sources: BID: 98534 // JVNDB: JVNDB-2017-004205 // CNNVD: CNNVD-201705-906 // NVD: CVE-2017-6642

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6642
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6642
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-906
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114845
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6642
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114845
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6642
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114845 // JVNDB: JVNDB-2017-004205 // CNNVD: CNNVD-201705-906 // NVD: CVE-2017-6642

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114845 // JVNDB: JVNDB-2017-004205 // NVD: CVE-2017-6642

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-906

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-906

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004205

PATCH
title:cisco-sa-20170517-rem2url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem2
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-004205

EXTERNAL IDS
db:NVDid:CVE-2017-6642
Trust: 2.8
db:BIDid:98534
Trust: 2.0
db:JVNDBid:JVNDB-2017-004205
Trust: 0.8
db:CNNVDid:CNNVD-201705-906
Trust: 0.7
db:VULHUBid:VHN-114845
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114845 // 
            
            
            
            BID: 98534 // 
            
            
            
            JVNDB: JVNDB-2017-004205 // 
            
            
            
            CNNVD: CNNVD-201705-906 // 
            
            
            
            NVD: CVE-2017-6642

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-rem2
Trust: 2.0
url:http://www.securityfocus.com/bid/98534
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6642
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6642
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114845 // 
            
            
            
            BID: 98534 // 
            
            
            
            JVNDB: JVNDB-2017-004205 // 
            
            
            
            CNNVD: CNNVD-201705-906 // 
            
            
            
            NVD: CVE-2017-6642

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 98534

SOURCES
db:VULHUBid:VHN-114845
db:BIDid:98534
db:JVNDBid:JVNDB-2017-004205
db:CNNVDid:CNNVD-201705-906
db:NVDid:CVE-2017-6642

LAST UPDATE DATE
2025-04-20T23:31:00.564000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114845date:2019-10-09T00:00:00
db:BIDid:98534date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004205date:2017-06-20T00:00:00
db:CNNVDid:CNNVD-201705-906date:2019-10-17T00:00:00
db:NVDid:CVE-2017-6642date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114845date:2017-05-22T00:00:00
db:BIDid:98534date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004205date:2017-06-20T00:00:00
db:CNNVDid:CNNVD-201705-906date:2017-05-22T00:00:00
db:NVDid:CVE-2017-6642date:2017-05-22T01:29:00.527