Information disclosure in Remote Expert Manager - CVE-2017-6644
Published: May 18, 2017
Vulnerability identifier: #VU6606
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6644
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software: Remote Expert Manager
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper input validation in the kernel. A remote attacker can send specially crafted HTTP requests to the web interface of the software and access sensitive information about the software that may be used to conduct additional reconnaissance attacks.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-6644
Install the update from the vendor's website.