CVE-2017-6646

{"id": "CVE-2017-6646", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2017-05-22T01:29:00.680", "references": [{"url": "http://www.securityfocus.com/bid/98529", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52866 CSCvc52868."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web de Remote Expert Manager Software de Cisco versi\u00f3n 11.0.0, podr\u00eda permitir a un atacante no autenticado remoto acceder a informaci\u00f3n confidencial de Pedidos en un sistema afectado. La vulnerabilidad se presenta porque el programa afectado no protege suficientemente los datos confidenciales cuando responde a peticiones HTTP que se env\u00edan hacia la interfaz web del programa. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de peticiones HTTP dise\u00f1adas hacia la interfaz web del programa en un sistema afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitirle al atacante acceder a informaci\u00f3n confidencial sobre el programa. El atacante podr\u00eda usar esta informaci\u00f3n para conducir ataques de reconocimiento adicionales. IDs de Bug de Cisco: CSCvc52866 CSCvc52868."}], "lastModified": "2019-10-09T23:28:53.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:remote_expert_manager:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1FBE8C1-28EE-41E6-AFCB-719EAC7A0685"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}