ID

VAR-201705-3665


CVE

CVE-2017-6646


TITLE

Vulnerability in the Cisco Remote Expert Manager Software web interface allowing access to sensitive Order information

Trust: 0.8

sources: JVNDB: JVNDB-2017-004283

DESCRIPTION

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52866, CSCvc52868. The software provides collaboration features such as remote screen sharing, screen annotation, and session recording. The vulnerability stems from the program's insufficient protection of sensitive information.

Trust: 1.98

sources: NVD: CVE-2017-6646 // JVNDB: JVNDB-2017-004283 // BID: 98529 // VULHUB: VHN-114849

AFFECTED PRODUCTS

vendor: cisco, model: remote expert manager, scope: eq, version: 11.0.0

Trust: 1.6

vendor: cisco, model: remote expert manager software, scope: eq, version: 11.0.0

Trust: 0.8

vendor: cisco, model: remote expert manager, scope: eq, version: 11.0

Trust: 0.3

sources: BID: 98529 // JVNDB: JVNDB-2017-004283 // CNNVD: CNNVD-201705-902 // NVD: CVE-2017-6646

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6646
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6646
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-902
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114849
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6646
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114849
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6646
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114849 // JVNDB: JVNDB-2017-004283 // CNNVD: CNNVD-201705-902 // NVD: CVE-2017-6646

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-114849 // JVNDB: JVNDB-2017-004283 // NVD: CVE-2017-6646

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-902

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-902

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004283

PATCH

title: cisco-sa-20170517-rem6
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6

Trust: 0.8

sources: JVNDB: JVNDB-2017-004283

EXTERNAL IDS

db: NVD, id: CVE-2017-6646

Trust: 2.8

db: BID, id: 98529

Trust: 2.0

db: JVNDB, id: JVNDB-2017-004283

Trust: 0.8

db: CNNVD, id: CNNVD-201705-902

Trust: 0.7

db: VULHUB, id: VHN-114849

Trust: 0.1

sources: VULHUB: VHN-114849 // BID: 98529 // JVNDB: JVNDB-2017-004283 // CNNVD: CNNVD-201705-902 // NVD: CVE-2017-6646

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-rem6

Trust: 2.0

url: http://www.securityfocus.com/bid/98529

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6646

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6646

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114849 // BID: 98529 // JVNDB: JVNDB-2017-004283 // CNNVD: CNNVD-201705-902 // NVD: CVE-2017-6646

CREDITS

Cisco

Trust: 0.3

sources: BID: 98529

SOURCES

db: VULHUB, id: VHN-114849
db: BID, id: 98529
db: JVNDB, id: JVNDB-2017-004283
db: CNNVD, id: CNNVD-201705-902
db: NVD, id: CVE-2017-6646

LAST UPDATE DATE

2025-04-20T23:25:02.560000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114849, date: 2019-10-09T00:00:00
db: BID, id: 98529, date: 2017-05-17T00:00:00
db: JVNDB, id: JVNDB-2017-004283, date: 2017-06-21T00:00:00
db: CNNVD, id: CNNVD-201705-902, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-6646, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114849, date: 2017-05-22T00:00:00
db: BID, id: 98529, date: 2017-05-17T00:00:00
db: JVNDB, id: JVNDB-2017-004283, date: 2017-06-21T00:00:00
db: CNNVD, id: CNNVD-201705-902, date: 2017-05-22T00:00:00
db: NVD, id: CVE-2017-6646, date: 2017-05-22T01:29:00.680