Sign-up

ID

VAR-201705-3666


CVE

CVE-2017-6647


TITLE

Cisco Remote Expert Manager Software Web Vulnerability in accessing important temporary file information in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2017-004284

DESCRIPTION

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52875. The software features collaboration features such as remote screen sharing, screen annotation, and session recording. The vulnerability stems from the program's insufficient protection of sensitive information

Trust: 1.98

sources: NVD: CVE-2017-6647 // JVNDB: JVNDB-2017-004284 // BID: 98538 // VULHUB: VHN-114850

AFFECTED PRODUCTS

vendor:ciscomodel:remote expert managerscope:eqversion:11.0.0

Trust: 1.6

vendor:ciscomodel:remote expert manager softwarescope:eqversion:11.0.0

Trust: 0.8

vendor:ciscomodel:remote expert managerscope:eqversion:11.0

Trust: 0.3

sources: BID: 98538 // JVNDB: JVNDB-2017-004284 // CNNVD: CNNVD-201705-901 // NVD: CVE-2017-6647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6647
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6647
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-901
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114850
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6647
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114850
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6647
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114850 // JVNDB: JVNDB-2017-004284 // CNNVD: CNNVD-201705-901 // NVD: CVE-2017-6647

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114850 // JVNDB: JVNDB-2017-004284 // NVD: CVE-2017-6647

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-901

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-901

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004284

PATCH
title:cisco-sa-20170517-rem7url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem7
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-004284

EXTERNAL IDS
db:NVDid:CVE-2017-6647
Trust: 2.8
db:BIDid:98538
Trust: 2.0
db:JVNDBid:JVNDB-2017-004284
Trust: 0.8
db:CNNVDid:CNNVD-201705-901
Trust: 0.7
db:VULHUBid:VHN-114850
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114850 // 
            
            
            
            BID: 98538 // 
            
            
            
            JVNDB: JVNDB-2017-004284 // 
            
            
            
            CNNVD: CNNVD-201705-901 // 
            
            
            
            NVD: CVE-2017-6647

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-rem7
Trust: 2.0
url:http://www.securityfocus.com/bid/98538
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6647
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6647
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114850 // 
            
            
            
            BID: 98538 // 
            
            
            
            JVNDB: JVNDB-2017-004284 // 
            
            
            
            CNNVD: CNNVD-201705-901 // 
            
            
            
            NVD: CVE-2017-6647

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 98538

SOURCES
db:VULHUBid:VHN-114850
db:BIDid:98538
db:JVNDBid:JVNDB-2017-004284
db:CNNVDid:CNNVD-201705-901
db:NVDid:CVE-2017-6647

LAST UPDATE DATE
2025-04-20T23:43:04.620000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114850date:2019-10-09T00:00:00
db:BIDid:98538date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004284date:2017-06-21T00:00:00
db:CNNVDid:CNNVD-201705-901date:2019-10-17T00:00:00
db:NVDid:CVE-2017-6647date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114850date:2017-05-22T00:00:00
db:BIDid:98538date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004284date:2017-06-21T00:00:00
db:CNNVDid:CNNVD-201705-901date:2017-05-22T00:00:00
db:NVDid:CVE-2017-6647date:2017-05-22T01:29:00.727