CVE-2017-6643

Name of the Vulnerable Software and Affected Versions Cisco Remote Expert Manager Software version 11.0.0

Description A vulnerability in the web interface could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information. The issue exists because the software does not sufficiently protect sensitive data when responding to HTTP requests. An attacker could exploit this by sending crafted HTTP requests to the web interface, potentially accessing sensitive information and using it for additional reconnaissance attacks.

Recommendations For Cisco Remote Expert Manager Software version 11.0.0, consider restricting access to the web interface until a fix is available. As a temporary workaround, limit the exposure of the web interface to only necessary users to minimize the risk of exploitation.