CVE-2017-6647

Name of the Vulnerable Software and Affected Versions Cisco Remote Expert Manager Software version 11.0.0

Description A vulnerability in the web interface could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. This issue exists because the software does not sufficiently protect sensitive data when responding to HTTP requests sent to the web interface. An attacker could exploit this by sending crafted HTTP requests to the web interface, potentially allowing them to access sensitive information about the software, which could be used for additional reconnaissance attacks.

Recommendations For Cisco Remote Expert Manager Software version 11.0.0, update the software to a version that includes the fix for Cisco Bug ID CSCvc52875.