Sign-up

ID

VAR-201705-3735


CVE

CVE-2017-6620


TITLE

Cisco CVR100W Wireless-N VPN Router Vulnerabilities related to authorization, authority, and access control in access control lists

Trust: 0.8

sources: JVNDB: JVNDB-2017-003769

DESCRIPTION

A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457. Vendors have confirmed this vulnerability Bug ID CSCvc14457 It is released as.Information may be obtained. CISCOCVR100W is a combination of wired/wireless network connection, VPN, firewall and many other functions. This may aid in further attacks. The vulnerability is caused by the program not correctly implementing the ACL

Trust: 2.52

sources: NVD: CVE-2017-6620 // JVNDB: JVNDB-2017-003769 // CNVD: CNVD-2017-06814 // BID: 98289 // VULHUB: VHN-114823

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-06814

AFFECTED PRODUCTS

vendor:ciscomodel:small business rv series routerscope:eqversion:1.0.1.19

Trust: 1.6

vendor:ciscomodel:cvr100w wireless-n vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:cvr100w wireless-n vpn routerscope:ltversion:1.0.1.24

Trust: 0.6

vendor:ciscomodel:cvr100w wireless-n vpn routerscope:eqversion:1.0.1.22

Trust: 0.3

vendor:ciscomodel:cvr100w wireless-n vpn routerscope:eqversion:1.0.1.21

Trust: 0.3

vendor:ciscomodel:cvr100w wireless-n vpn routerscope:neversion:1.0.1.24

Trust: 0.3

sources: CNVD: CNVD-2017-06814 // BID: 98289 // JVNDB: JVNDB-2017-003769 // CNNVD: CNNVD-201705-207 // NVD: CVE-2017-6620

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6620
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6620
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-06814
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-207
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114823
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6620
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-06814
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114823
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6620
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-06814 // VULHUB: VHN-114823 // JVNDB: JVNDB-2017-003769 // CNNVD: CNNVD-201705-207 // NVD: CVE-2017-6620

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-114823 // JVNDB: JVNDB-2017-003769 // NVD: CVE-2017-6620

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-207

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201705-207

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003769

PATCH
title:cisco-sa-20170503-cvr100w2url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2
Trust: 0.8
title:Cisco CVR100WWireless-NVPNRouter Security Restricted Patch Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/93841
Trust: 0.6
title:Cisco CVR100W Wireless-N VPN Router Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69837
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-06814 // 
            
            
            
            JVNDB: JVNDB-2017-003769 // 
            
            
            
            CNNVD: CNNVD-201705-207

EXTERNAL IDS
db:NVDid:CVE-2017-6620
Trust: 3.4
db:BIDid:98289
Trust: 2.6
db:SECTRACKid:1038395
Trust: 1.7
db:JVNDBid:JVNDB-2017-003769
Trust: 0.8
db:CNNVDid:CNNVD-201705-207
Trust: 0.7
db:CNVDid:CNVD-2017-06814
Trust: 0.6
db:VULHUBid:VHN-114823
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-06814 // 
            
            
            
            VULHUB: VHN-114823 // 
            
            
            
            BID: 98289 // 
            
            
            
            JVNDB: JVNDB-2017-003769 // 
            
            
            
            CNNVD: CNNVD-201705-207 // 
            
            
            
            NVD: CVE-2017-6620

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170503-cvr100w2
Trust: 2.6
url:http://www.securityfocus.com/bid/98289
Trust: 1.7
url:http://www.securitytracker.com/id/1038395
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6620
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6620
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-06814 // 
            
            
            
            VULHUB: VHN-114823 // 
            
            
            
            BID: 98289 // 
            
            
            
            JVNDB: JVNDB-2017-003769 // 
            
            
            
            CNNVD: CNNVD-201705-207 // 
            
            
            
            NVD: CVE-2017-6620

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 98289

SOURCES
db:CNVDid:CNVD-2017-06814
db:VULHUBid:VHN-114823
db:BIDid:98289
db:JVNDBid:JVNDB-2017-003769
db:CNNVDid:CNNVD-201705-207
db:NVDid:CVE-2017-6620

LAST UPDATE DATE
2024-11-23T22:17:56.762000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-06814date:2017-05-17T00:00:00
db:VULHUBid:VHN-114823date:2019-10-03T00:00:00
db:BIDid:98289date:2017-05-18T16:18:00
db:JVNDBid:JVNDB-2017-003769date:2017-06-07T00:00:00
db:CNNVDid:CNNVD-201705-207date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6620date:2024-11-21T03:30:08.667

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-06814date:2017-05-17T00:00:00
db:VULHUBid:VHN-114823date:2017-05-03T00:00:00
db:BIDid:98289date:2017-05-03T00:00:00
db:JVNDBid:JVNDB-2017-003769date:2017-06-07T00:00:00
db:CNNVDid:CNNVD-201705-207date:2017-05-08T00:00:00
db:NVDid:CVE-2017-6620date:2017-05-03T21:59:00.167