Vulnerability Details : CVE-2017-6620
A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457.
Vulnerability category: Input validation
Products affected by CVE-2017-6620
- cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.1.19:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6620
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6620
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
5.8
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2017-6620
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2017-6620
-
http://www.securitytracker.com/id/1038395
Cisco CVR100W Wireless-N VPN Router Lets Remote Users Bypass Remote Management Interface ACL Restrictions on the Target System - SecurityTracker
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2
Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/98289
Cisco CVR100W Wireless-N VPN Router CVE-2017-6620 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to