Sign-up

ID

VAR-201705-3664


CVE

CVE-2017-6645


TITLE

Cisco Remote Expert Manager Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2017-004207

DESCRIPTION

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52861. Vendors have confirmed this vulnerability Bug ID CSCvc52861 It is released as.Information may be obtained. The software features collaboration features such as remote screen sharing, screen annotation, and session recording. The vulnerability stems from the program's insufficient protection of sensitive information

Trust: 1.98

sources: NVD: CVE-2017-6645 // JVNDB: JVNDB-2017-004207 // BID: 98537 // VULHUB: VHN-114848

AFFECTED PRODUCTS

vendor:ciscomodel:remote expert managerscope:eqversion:11.0.0

Trust: 1.6

vendor:ciscomodel:remote expert manager softwarescope:eqversion:11.0.0

Trust: 0.8

vendor:ciscomodel:remote expert managerscope:eqversion:11.0

Trust: 0.3

sources: BID: 98537 // JVNDB: JVNDB-2017-004207 // CNNVD: CNNVD-201705-903 // NVD: CVE-2017-6645

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6645
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6645
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-903
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114848
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6645
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114848
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6645
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114848 // JVNDB: JVNDB-2017-004207 // CNNVD: CNNVD-201705-903 // NVD: CVE-2017-6645

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114848 // JVNDB: JVNDB-2017-004207 // NVD: CVE-2017-6645

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-903

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-903

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004207

PATCH
title:cisco-sa-20170517-rem5url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem5
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-004207

EXTERNAL IDS
db:NVDid:CVE-2017-6645
Trust: 2.8
db:BIDid:98537
Trust: 2.0
db:JVNDBid:JVNDB-2017-004207
Trust: 0.8
db:CNNVDid:CNNVD-201705-903
Trust: 0.7
db:VULHUBid:VHN-114848
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114848 // 
            
            
            
            BID: 98537 // 
            
            
            
            JVNDB: JVNDB-2017-004207 // 
            
            
            
            CNNVD: CNNVD-201705-903 // 
            
            
            
            NVD: CVE-2017-6645

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-rem5
Trust: 2.0
url:http://www.securityfocus.com/bid/98537
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6645
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6645
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114848 // 
            
            
            
            BID: 98537 // 
            
            
            
            JVNDB: JVNDB-2017-004207 // 
            
            
            
            CNNVD: CNNVD-201705-903 // 
            
            
            
            NVD: CVE-2017-6645

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 98537

SOURCES
db:VULHUBid:VHN-114848
db:BIDid:98537
db:JVNDBid:JVNDB-2017-004207
db:CNNVDid:CNNVD-201705-903
db:NVDid:CVE-2017-6645

LAST UPDATE DATE
2025-04-20T23:29:42.266000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114848date:2019-10-09T00:00:00
db:BIDid:98537date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004207date:2017-06-20T00:00:00
db:CNNVDid:CNNVD-201705-903date:2019-10-17T00:00:00
db:NVDid:CVE-2017-6645date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114848date:2017-05-22T00:00:00
db:BIDid:98537date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004207date:2017-06-20T00:00:00
db:CNNVDid:CNNVD-201705-903date:2017-05-22T00:00:00
db:NVDid:CVE-2017-6645date:2017-05-22T01:29:00.650