Details of VAR-201705-3472

ID

VAR-201705-3472

CVE

CVE-2017-3882

TITLE

Cisco CVR100W Wireless-N VPN Router of Universal Plug-and-Play Implementation of a buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004129

DESCRIPTION

A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router prior to Firmware Release 1.0.1.22. Cisco Bug IDs: CSCuz72642. Vendors have confirmed this vulnerability Bug ID CSCuz72642 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CISCOCVR100W is a combination of wired/wireless network connection, VPN, firewall and many other functions

Trust: 2.52

sources: NVD: CVE-2017-3882 // JVNDB: JVNDB-2017-004129 // CNVD: CNVD-2017-06813 // BID: 98287 // VULHUB: VHN-112085

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-06813

AFFECTED PRODUCTS

vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.0.30	Trust: 1.6
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.5.6	Trust: 1.6
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.4.14	Trust: 1.6
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.5.8	Trust: 1.6
vendor:	cisco	model:	small business rv router 1.0	scope:	eq	version:	0.2	Trust: 1.6
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.4.10	Trust: 1.6
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.5.4\(gd\)	Trust: 1.6
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.1.19	Trust: 1.6
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.2.6	Trust: 1.6
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.3.10	Trust: 1.6
vendor:	cisco	model:	cvr100w wireless-n vpn router	scope:	lt	version:	1.0.1.22	Trust: 1.4
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.39	Trust: 1.0
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.5.5	Trust: 1.0
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.5.4	Trust: 1.0
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.1.9	Trust: 1.0
vendor:	cisco	model:	small business rv router	scope:	eq	version:	1.0.6.6	Trust: 1.0
vendor:	cisco	model:	cvr100w wireless-n vpn router	scope:	eq	version:	1.0.1.21	Trust: 0.3
vendor:	cisco	model:	cvr100w wireless-n vpn router	scope:	ne	version:	1.0.1.22	Trust: 0.3

sources: CNVD: CNVD-2017-06813 // BID: 98287 // JVNDB: JVNDB-2017-004129 // CNNVD: CNNVD-201705-222 // NVD: CVE-2017-3882

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3882
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-3882
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-06813
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201705-222
value:	HIGH
Trust: 0.6
VULHUB:	VHN-112085
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-3882
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-06813
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-112085
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3882
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-06813 // VULHUB: VHN-112085 // JVNDB: JVNDB-2017-004129 // CNNVD: CNNVD-201705-222 // NVD: CVE-2017-3882

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-112085 // JVNDB: JVNDB-2017-004129 // NVD: CVE-2017-3882

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201705-222

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201705-222

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004129

PATCH

title:	cisco-sa-20170503-cvr100w1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1	Trust: 0.8
title:	Patch for Cisco CVR100WWireless-NVPNRouter Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/93842	Trust: 0.6
title:	Cisco CVR100W Wireless-N VPN Router Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69850	Trust: 0.6

sources: CNVD: CNVD-2017-06813 // JVNDB: JVNDB-2017-004129 // CNNVD: CNNVD-201705-222

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3882	Trust: 3.4
db:	BID	id:	98287	Trust: 2.6
db:	SECTRACK	id:	1038391	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-004129	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-222	Trust: 0.7
db:	CNVD	id:	CNVD-2017-06813	Trust: 0.6
db:	NSFOCUS	id:	36609	Trust: 0.6
db:	VULHUB	id:	VHN-112085	Trust: 0.1

sources: CNVD: CNVD-2017-06813 // VULHUB: VHN-112085 // BID: 98287 // JVNDB: JVNDB-2017-004129 // CNNVD: CNNVD-201705-222 // NVD: CVE-2017-3882

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170503-cvr100w1	Trust: 2.6
url:	http://www.securityfocus.com/bid/98287	Trust: 1.7
url:	http://www.securitytracker.com/id/1038391	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3882	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3882	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36609	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-06813 // VULHUB: VHN-112085 // BID: 98287 // JVNDB: JVNDB-2017-004129 // CNNVD: CNNVD-201705-222 // NVD: CVE-2017-3882

CREDITS

Cisco.

Trust: 0.9

sources: BID: 98287 // CNNVD: CNNVD-201705-222

SOURCES

db:	CNVD	id:	CNVD-2017-06813
db:	VULHUB	id:	VHN-112085
db:	BID	id:	98287
db:	JVNDB	id:	JVNDB-2017-004129
db:	CNNVD	id:	CNNVD-201705-222
db:	NVD	id:	CVE-2017-3882

LAST UPDATE DATE

2024-11-23T22:07:26.026000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-06813	date:	2017-05-17T00:00:00
db:	VULHUB	id:	VHN-112085	date:	2017-07-11T00:00:00
db:	BID	id:	98287	date:	2017-05-18T16:18:00
db:	JVNDB	id:	JVNDB-2017-004129	date:	2017-06-16T00:00:00
db:	CNNVD	id:	CNNVD-201705-222	date:	2017-05-08T00:00:00
db:	NVD	id:	CVE-2017-3882	date:	2024-11-21T03:26:18.513

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-06813	date:	2017-05-17T00:00:00
db:	VULHUB	id:	VHN-112085	date:	2017-05-16T00:00:00
db:	BID	id:	98287	date:	2017-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-004129	date:	2017-06-16T00:00:00
db:	CNNVD	id:	CNNVD-201705-222	date:	2017-05-08T00:00:00
db:	NVD	id:	CVE-2017-3882	date:	2017-05-16T17:29:00.293