CVE-2017-6646

Name of the Vulnerable Software and Affected Versions Cisco Remote Expert Manager Software version 11.0.0

Description A vulnerability in the web interface could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. This issue exists because the software does not sufficiently protect sensitive data when responding to HTTP requests sent to the web interface. An attacker could exploit this by sending crafted HTTP requests to the web interface, potentially allowing them to access sensitive information and conduct additional reconnaissance attacks.

Recommendations For Cisco Remote Expert Manager Software version 11.0.0, consider restricting access to the web interface until a fix is available, and avoid using sensitive information in HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.