Sign-up

ID

VAR-201705-3662


CVE

CVE-2017-6643


TITLE

Cisco Remote Expert Manager Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2017-004206

DESCRIPTION

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52858. Vendors have confirmed this vulnerability Bug ID CSCvc52858 It is released as.Information may be obtained. The software features collaboration features such as remote screen sharing, screen annotation, and session recording. The vulnerability stems from the program's insufficient protection of sensitive information

Trust: 1.98

sources: NVD: CVE-2017-6643 // JVNDB: JVNDB-2017-004206 // BID: 98542 // VULHUB: VHN-114846

AFFECTED PRODUCTS

vendor:ciscomodel:remote expert managerscope:eqversion:11.0.0

Trust: 1.6

vendor:ciscomodel:remote expert manager softwarescope:eqversion:11.0.0

Trust: 0.8

vendor:ciscomodel:remote expert managerscope:eqversion:11.0

Trust: 0.3

sources: BID: 98542 // JVNDB: JVNDB-2017-004206 // CNNVD: CNNVD-201705-905 // NVD: CVE-2017-6643

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6643
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6643
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-905
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114846
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6643
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114846
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6643
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114846 // JVNDB: JVNDB-2017-004206 // CNNVD: CNNVD-201705-905 // NVD: CVE-2017-6643

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114846 // JVNDB: JVNDB-2017-004206 // NVD: CVE-2017-6643

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-905

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-905

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004206

PATCH
title:cisco-sa-20170517-rem3url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem3
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-004206

EXTERNAL IDS
db:NVDid:CVE-2017-6643
Trust: 2.8
db:BIDid:98542
Trust: 2.0
db:JVNDBid:JVNDB-2017-004206
Trust: 0.8
db:CNNVDid:CNNVD-201705-905
Trust: 0.7
db:VULHUBid:VHN-114846
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114846 // 
            
            
            
            BID: 98542 // 
            
            
            
            JVNDB: JVNDB-2017-004206 // 
            
            
            
            CNNVD: CNNVD-201705-905 // 
            
            
            
            NVD: CVE-2017-6643

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-rem3
Trust: 2.0
url:http://www.securityfocus.com/bid/98542
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6643
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6643
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114846 // 
            
            
            
            BID: 98542 // 
            
            
            
            JVNDB: JVNDB-2017-004206 // 
            
            
            
            CNNVD: CNNVD-201705-905 // 
            
            
            
            NVD: CVE-2017-6643

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 98542

SOURCES
db:VULHUBid:VHN-114846
db:BIDid:98542
db:JVNDBid:JVNDB-2017-004206
db:CNNVDid:CNNVD-201705-905
db:NVDid:CVE-2017-6643

LAST UPDATE DATE
2025-04-20T23:20:00.662000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114846date:2019-10-09T00:00:00
db:BIDid:98542date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004206date:2017-06-20T00:00:00
db:CNNVDid:CNNVD-201705-905date:2019-10-17T00:00:00
db:NVDid:CVE-2017-6643date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114846date:2017-05-22T00:00:00
db:BIDid:98542date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004206date:2017-06-20T00:00:00
db:CNNVDid:CNNVD-201705-905date:2017-05-22T00:00:00
db:NVDid:CVE-2017-6643date:2017-05-22T01:29:00.570