Details of VAR-201708-1338

ID

VAR-201708-1338

CVE

CVE-2017-6784

TITLE

Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2017-22165 // BID: 100402

DESCRIPTION

A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. Cisco Bug IDs: CSCve37988. Known Affected Releases: firmware 1.0.0.30, 1.0.0.33, 1.0.1.9, 1.0.1.16. Vendors have confirmed this vulnerability Bug ID CSCve37988 It is released as.Information may be obtained. The Cisco RV340, RV345, and RV345PDualWANGigabitVPNRouters are all VPN firewall router products from Cisco. The vulnerability stems from the failure of the program to adequately protect sensitive data. This may lead to other attacks. Use of the following firmware versions is affected: Version 1.0.0.30, Version 1.0.0.33, Version 1.0.1.9, Version 1.0.1.16

Trust: 2.61

sources: NVD: CVE-2017-6784 // JVNDB: JVNDB-2017-007193 // CNVD: CNVD-2017-22165 // BID: 100402 // VULHUB: VHN-114987 // VULMON: CVE-2017-6784

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-22165

AFFECTED PRODUCTS

vendor:	cisco	model:	small business rv345	scope:	eq	version:	1.0.1.16	Trust: 1.6
vendor:	cisco	model:	small business rv340	scope:	eq	version:	1.0.1.16	Trust: 1.6
vendor:	cisco	model:	small business rv345p	scope:	eq	version:	1.0.1.16	Trust: 1.6
vendor:	cisco	model:	small business rv345	scope:	eq	version:	1.0.1.9	Trust: 1.6
vendor:	cisco	model:	small business rv340	scope:	eq	version:	1.0.1.9	Trust: 1.6
vendor:	cisco	model:	small business rv345p	scope:	eq	version:	1.0.1.9	Trust: 1.6
vendor:	cisco	model:	small business rv345	scope:	eq	version:	1.0.0.33	Trust: 1.6
vendor:	cisco	model:	small business rv345	scope:	eq	version:	1.0.0.30	Trust: 1.6
vendor:	cisco	model:	small business rv345p	scope:	eq	version:	1.0.0.33	Trust: 1.6
vendor:	cisco	model:	small business rv345p	scope:	eq	version:	1.0.0.30	Trust: 1.6
vendor:	cisco	model:	small business rv340	scope:	eq	version:	1.0.0.33	Trust: 1.0
vendor:	cisco	model:	small business rv340	scope:	eq	version:	1.0.0.30	Trust: 1.0
vendor:	cisco	model:	rv340	scope:	eq	version:	1.0.0.33	Trust: 0.9
vendor:	cisco	model:	rv340	scope:	eq	version:	1.0.1.16	Trust: 0.9
vendor:	cisco	model:	rv345	scope:	eq	version:	1.0.0.33	Trust: 0.9
vendor:	cisco	model:	rv345	scope:	eq	version:	1.0.1.16	Trust: 0.9
vendor:	cisco	model:	small business rv340	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business rv345	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business rv345p	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv340	scope:	eq	version:	1.0.0.30	Trust: 0.6
vendor:	cisco	model:	rv340	scope:	eq	version:	1.0.1.9	Trust: 0.6
vendor:	cisco	model:	rv345	scope:	eq	version:	1.0.0.30	Trust: 0.6
vendor:	cisco	model:	rv345	scope:	eq	version:	1.0.1.9	Trust: 0.6
vendor:	cisco	model:	rv345p dual wan gigabit vpn routers	scope:	eq	version:	1.0.0.30	Trust: 0.6
vendor:	cisco	model:	rv345p dual wan gigabit vpn routers	scope:	eq	version:	1.0.0.33	Trust: 0.6
vendor:	cisco	model:	rv345p dual wan gigabit vpn routers	scope:	eq	version:	1.0.1.9	Trust: 0.6
vendor:	cisco	model:	rv345p dual wan gigabit vpn routers	scope:	eq	version:	1.0.1.16	Trust: 0.6
vendor:	cisco	model:	rv345p	scope:	eq	version:	1.0.1.16	Trust: 0.3
vendor:	cisco	model:	rv345p	scope:	eq	version:	1.0.0.33	Trust: 0.3
vendor:	cisco	model:	rv345p	scope:	ne	version:	1.0.1.17	Trust: 0.3
vendor:	cisco	model:	rv345	scope:	ne	version:	1.0.1.17	Trust: 0.3
vendor:	cisco	model:	rv340	scope:	ne	version:	1.0.1.17	Trust: 0.3

sources: CNVD: CNVD-2017-22165 // BID: 100402 // JVNDB: JVNDB-2017-007193 // CNNVD: CNNVD-201708-794 // NVD: CVE-2017-6784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6784
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6784
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-22165
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201708-794
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114987
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-6784
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6784
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-22165
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114987
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6784
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-22165 // VULHUB: VHN-114987 // VULMON: CVE-2017-6784 // JVNDB: JVNDB-2017-007193 // CNNVD: CNNVD-201708-794 // NVD: CVE-2017-6784

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-114987 // JVNDB: JVNDB-2017-007193 // NVD: CVE-2017-6784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-794

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-794

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007193

PATCH

title:	cisco-sa-20170816-crr	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr	Trust: 0.8
title:	Patch for CiscoRV340, RV345, and RV345PDualWANGigabitVPNRouters Information Disclosure Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/100549	Trust: 0.6
title:	Cisco RV340 , RV345 and RV345P Dual WAN Gigabit VPN Routers Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74111	Trust: 0.6
title:	Cisco: Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170816-crr	Trust: 0.1

sources: CNVD: CNVD-2017-22165 // VULMON: CVE-2017-6784 // JVNDB: JVNDB-2017-007193 // CNNVD: CNNVD-201708-794

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6784	Trust: 3.5
db:	BID	id:	100402	Trust: 2.1
db:	SECTRACK	id:	1039191	Trust: 1.2
db:	JVNDB	id:	JVNDB-2017-007193	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-794	Trust: 0.7
db:	CNVD	id:	CNVD-2017-22165	Trust: 0.6
db:	NSFOCUS	id:	37433	Trust: 0.6
db:	VULHUB	id:	VHN-114987	Trust: 0.1
db:	VULMON	id:	CVE-2017-6784	Trust: 0.1

sources: CNVD: CNVD-2017-22165 // VULHUB: VHN-114987 // VULMON: CVE-2017-6784 // BID: 100402 // JVNDB: JVNDB-2017-007193 // CNNVD: CNNVD-201708-794 // NVD: CVE-2017-6784

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-crr	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6784	Trust: 1.4
url:	http://www.securityfocus.com/bid/100402	Trust: 1.2
url:	http://www.securitytracker.com/id/1039191	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6784	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/37433	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://www.cisco.com/c/en/us/products/routers/rv340-dual-gigabit-wan-vpn-router/index.html	Trust: 0.3
url:	https://www.cisco.com/c/en/us/products/routers/rv345-dual-gigabit-wan-vpn-router/index.html	Trust: 0.3
url:	https://www.cisco.com/c/en/us/products/routers/rv345p-dual-gigabit-wan-poe-vpn-router/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-22165 // VULHUB: VHN-114987 // VULMON: CVE-2017-6784 // BID: 100402 // JVNDB: JVNDB-2017-007193 // CNNVD: CNNVD-201708-794 // NVD: CVE-2017-6784

CREDITS

Cisco

Trust: 0.3

sources: BID: 100402

SOURCES

db:	CNVD	id:	CNVD-2017-22165
db:	VULHUB	id:	VHN-114987
db:	VULMON	id:	CVE-2017-6784
db:	BID	id:	100402
db:	JVNDB	id:	JVNDB-2017-007193
db:	CNNVD	id:	CNNVD-201708-794
db:	NVD	id:	CVE-2017-6784

LAST UPDATE DATE

2024-11-23T23:08:56.428000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-22165	date:	2017-08-21T00:00:00
db:	VULHUB	id:	VHN-114987	date:	2017-08-24T00:00:00
db:	VULMON	id:	CVE-2017-6784	date:	2017-08-24T00:00:00
db:	BID	id:	100402	date:	2017-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2017-007193	date:	2017-09-13T00:00:00
db:	CNNVD	id:	CNNVD-201708-794	date:	2017-08-18T00:00:00
db:	NVD	id:	CVE-2017-6784	date:	2024-11-21T03:30:31.393

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-22165	date:	2017-08-21T00:00:00
db:	VULHUB	id:	VHN-114987	date:	2017-08-17T00:00:00
db:	VULMON	id:	CVE-2017-6784	date:	2017-08-17T00:00:00
db:	BID	id:	100402	date:	2017-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2017-007193	date:	2017-09-13T00:00:00
db:	CNNVD	id:	CNNVD-201708-794	date:	2017-08-18T00:00:00
db:	NVD	id:	CVE-2017-6784	date:	2017-08-17T20:29:00.823