CVE-2017-6642

Name of the Vulnerable Software and Affected Versions Cisco Remote Expert Manager Software version 11.0.0

Description A vulnerability in the web interface could allow an unauthenticated, remote attacker to access sensitive information on an affected system. This issue exists because the software does not sufficiently protect sensitive data when responding to HTTP requests sent to the web interface. An attacker could exploit this by sending crafted HTTP requests to the web interface, potentially allowing them to access sensitive information about the software, which could be used for additional reconnaissance attacks.

Recommendations For Cisco Remote Expert Manager Software version 11.0.0, consider restricting access to the web interface until a patch is available. As a temporary workaround, limit the exposure of the web interface to only necessary users to minimize the risk of exploitation.