Main Vulnerability Database SB2017051805

SB2017051805 - Information disclosure in Cisco Remote Expert Manager

Published: May 18, 2017

Security Bulletin ID SB2017051805

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2017-6644)

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due improper input validation in the kernel. A remote attacker can send specially crafted HTTP requests to the web interface of the software and access sensitive information about the software that may be used to conduct additional reconnaissance attacks.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4