Details of VAR-201707-0977

ID

VAR-201707-0977

CVE

CVE-2017-6612

TITLE

Cisco ASR 5000 Series Aggregation Service Router Buffer Error Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006829

DESCRIPTION

A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927. Vendors have confirmed this vulnerability Bug ID CSCvc67927 It is released as.Information may be tampered with. Cisco ASR5000 Series AggregationServicesRouters is the ASR5000 series of multi-function routers from Cisco. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions; other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvc67927. gateway GPRS support node (GGSN) is one of the data gateway components

Trust: 2.52

sources: NVD: CVE-2017-6612 // JVNDB: JVNDB-2017-006829 // CNVD: CNVD-2017-26113 // BID: 99920 // VULHUB: VHN-114815

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-26113

AFFECTED PRODUCTS

vendor:	cisco	model:	asr 5000 series software	scope:	eq	version:	20.1.2	Trust: 1.6
vendor:	cisco	model:	asr 5000 series software	scope:	eq	version:	20.2.12	Trust: 1.6
vendor:	cisco	model:	asr 5000 series software	scope:	eq	version:	21.1.2	Trust: 1.6
vendor:	cisco	model:	asr 5000 series software	scope:	eq	version:	17.3.9.62033	Trust: 1.6
vendor:	cisco	model:	asr 5000 series software	scope:	eq	version:	17.7.5	Trust: 1.6
vendor:	cisco	model:	asr 5000 series software	scope:	eq	version:	21.0.1	Trust: 1.6
vendor:	cisco	model:	asr 5000 series software	scope:	eq	version:	19.6.3	Trust: 1.6
vendor:	cisco	model:	asr series	scope:	eq	version:	500021.1.2	Trust: 0.9
vendor:	cisco	model:	asr series	scope:	eq	version:	500020.2.12	Trust: 0.9
vendor:	cisco	model:	asr series	scope:	eq	version:	500019.6.3	Trust: 0.9
vendor:	cisco	model:	asr series	scope:	eq	version:	500019.3.12	Trust: 0.9
vendor:	cisco	model:	asr series	scope:	eq	version:	500017.7.5	Trust: 0.9
vendor:	cisco	model:	asr series	scope:	eq	version:	500021.0.v1	Trust: 0.9
vendor:	cisco	model:	asr series	scope:	eq	version:	500020.1.v2	Trust: 0.9
vendor:	cisco	model:	asr series	scope:	eq	version:	500017.3.9.62033	Trust: 0.9
vendor:	cisco	model:	asr 5000 series software	scope:	eq	version:	17.3.9.62033 to 21.1.2	Trust: 0.8

sources: CNVD: CNVD-2017-26113 // BID: 99920 // JVNDB: JVNDB-2017-006829 // CNNVD: CNNVD-201707-1178 // NVD: CVE-2017-6612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6612
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6612
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-26113
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201707-1178
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114815
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6612
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-26113
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114815
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6612
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-26113 // VULHUB: VHN-114815 // JVNDB: JVNDB-2017-006829 // CNNVD: CNNVD-201707-1178 // NVD: CVE-2017-6612

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-114815 // JVNDB: JVNDB-2017-006829 // NVD: CVE-2017-6612

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1178

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201707-1178

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006829

PATCH

title:	cisco-sa-20170719-asr	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr	Trust: 0.8
title:	Cisco ASR5000 Series AggregationServices Router Security Bypass Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/101874	Trust: 0.6
title:	Cisco ASR 5000 Series Aggregation Services Repair measures for router security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72023	Trust: 0.6

sources: CNVD: CNVD-2017-26113 // JVNDB: JVNDB-2017-006829 // CNNVD: CNNVD-201707-1178

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6612	Trust: 3.5
db:	BID	id:	99920	Trust: 2.6
db:	SECTRACK	id:	1038961	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-006829	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-1178	Trust: 0.7
db:	CNVD	id:	CNVD-2017-26113	Trust: 0.6
db:	NSFOCUS	id:	37217	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-114815	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-26113 // VULHUB: VHN-114815 // BID: 99920 // JVNDB: JVNDB-2017-006829 // CNNVD: CNNVD-201707-1178 // NVD: CVE-2017-6612

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170719-asr	Trust: 2.0
url:	http://www.securityfocus.com/bid/99920	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6612	Trust: 1.4
url:	http://www.securitytracker.com/id/1038961	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6612	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/37217	Trust: 0.6
url:	http://www.cisco.com/en/us/products/ps11072/	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-26113 // VULHUB: VHN-114815 // BID: 99920 // JVNDB: JVNDB-2017-006829 // CNNVD: CNNVD-201707-1178 // NVD: CVE-2017-6612

CREDITS

Trust: 0.6

sources: CNNVD: CNNVD-201707-1178

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2017-26113
db:	VULHUB	id:	VHN-114815
db:	BID	id:	99920
db:	JVNDB	id:	JVNDB-2017-006829
db:	CNNVD	id:	CNNVD-201707-1178
db:	NVD	id:	CVE-2017-6612

LAST UPDATE DATE

2025-01-30T21:26:51.543000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-26113	date:	2017-09-11T00:00:00
db:	VULHUB	id:	VHN-114815	date:	2017-08-10T00:00:00
db:	BID	id:	99920	date:	2017-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-006829	date:	2017-09-05T00:00:00
db:	CNNVD	id:	CNNVD-201707-1178	date:	2017-07-27T00:00:00
db:	NVD	id:	CVE-2017-6612	date:	2024-11-21T03:30:07.367

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-26113	date:	2017-09-11T00:00:00
db:	VULHUB	id:	VHN-114815	date:	2017-07-25T00:00:00
db:	BID	id:	99920	date:	2017-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-006829	date:	2017-09-05T00:00:00
db:	CNNVD	id:	CNNVD-201707-1178	date:	2017-07-27T00:00:00
db:	NVD	id:	CVE-2017-6612	date:	2017-07-25T19:29:00.177