ID

VAR-201705-3663


CVE

CVE-2017-6644


TITLE

Cisco Remote Expert Manager Software Web Interface Vulnerability That Allows Access to Sensitive Information

Trust: 0.8

sources: JVNDB: JVNDB-2017-004282

DESCRIPTION

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52860. The software provides collaboration features such as remote screen sharing, screen annotation, and session recording. The vulnerability stems from the program's insufficient protection of sensitive information.

Trust: 1.98

sources: NVD: CVE-2017-6644 // JVNDB: JVNDB-2017-004282 // BID: 98539 // VULHUB: VHN-114847

AFFECTED PRODUCTS

vendor: cisco // model: remote expert manager // scope: eq // version: 11.0.0

Trust: 1.6

vendor: cisco // model: remote expert manager software // scope: eq // version: 11.0.0

Trust: 0.8

vendor: cisco // model: remote expert manager // scope: eq // version: 11.0

Trust: 0.3

sources: BID: 98539 // JVNDB: JVNDB-2017-004282 // CNNVD: CNNVD-201705-904 // NVD: CVE-2017-6644

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6644
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6644
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-904
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114847
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6644
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114847
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6644
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114847 // JVNDB: JVNDB-2017-004282 // CNNVD: CNNVD-201705-904 // NVD: CVE-2017-6644

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114847 // JVNDB: JVNDB-2017-004282 // NVD: CVE-2017-6644

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-904

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-904

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004282

PATCH

title: cisco-sa-20170517-rem4 // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4

Trust: 0.8

sources: JVNDB: JVNDB-2017-004282

EXTERNAL IDS

db: NVD // id: CVE-2017-6644

Trust: 2.8

db: BID // id: 98539

Trust: 2.0

db: JVNDB // id: JVNDB-2017-004282

Trust: 0.8

db: CNNVD // id: CNNVD-201705-904

Trust: 0.7

db: VULHUB // id: VHN-114847

Trust: 0.1

sources: VULHUB: VHN-114847 // BID: 98539 // JVNDB: JVNDB-2017-004282 // CNNVD: CNNVD-201705-904 // NVD: CVE-2017-6644

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-rem4

Trust: 2.0

url:http://www.securityfocus.com/bid/98539

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6644

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6644

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114847 // BID: 98539 // JVNDB: JVNDB-2017-004282 // CNNVD: CNNVD-201705-904 // NVD: CVE-2017-6644

CREDITS

Cisco

Trust: 0.3

sources: BID: 98539

SOURCES

db: VULHUB // id: VHN-114847
db: BID // id: 98539
db: JVNDB // id: JVNDB-2017-004282
db: CNNVD // id: CNNVD-201705-904
db: NVD // id: CVE-2017-6644

LAST UPDATE DATE

2025-04-20T23:05:04.200000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-114847 // date: 2019-10-09T00:00:00
db: BID // id: 98539 // date: 2017-05-17T00:00:00
db: JVNDB // id: JVNDB-2017-004282 // date: 2017-06-21T00:00:00
db: CNNVD // id: CNNVD-201705-904 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-6644 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB // id: VHN-114847 // date: 2017-05-22T00:00:00
db: BID // id: 98539 // date: 2017-05-17T00:00:00
db: JVNDB // id: JVNDB-2017-004282 // date: 2017-06-21T00:00:00
db: CNNVD // id: CNNVD-201705-904 // date: 2017-05-22T00:00:00
db: NVD // id: CVE-2017-6644 // date: 2017-05-22T01:29:00.603