Lucene search

[email protected]CVE-2017-6612

HistoryJul 25, 2017 - 7:29 p.m.

CVE-2017-6612

2017-07-2519:29:00

CWE-119

[email protected]

web.nvd.nist.gov

vulnerability

ggsn

cisco asr 5000

remote attacker

http traffic

nvd

cve-2017-6612

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.6%

JSON

A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927.

Affected configurations

NVD

Node

ciscoasr_5000_series_softwareMatch17.3.9.62033

ciscoasr_5000_series_softwareMatch17.7.5

ciscoasr_5000_series_softwareMatch19.6.3

ciscoasr_5000_series_softwareMatch20.1.2

ciscoasr_5000_series_softwareMatch20.2.12

ciscoasr_5000_series_softwareMatch21.0.1

ciscoasr_5000_series_softwareMatch21.1.2

CPENameOperatorVersion
cisco:asr_5000_series_softwarecisco asr 5000 series softwareeq17.3.9.62033
cisco:asr_5000_series_softwarecisco asr 5000 series softwareeq17.7.5
cisco:asr_5000_series_softwarecisco asr 5000 series softwareeq19.6.3
cisco:asr_5000_series_softwarecisco asr 5000 series softwareeq20.1.2
cisco:asr_5000_series_softwarecisco asr 5000 series softwareeq20.2.12
cisco:asr_5000_series_softwarecisco asr 5000 series softwareeq21.0.1
cisco:asr_5000_series_softwarecisco asr 5000 series softwareeq21.1.2

CPE	Name	Operator	Version
cisco:asr_5000_series_software	cisco asr 5000 series software	eq	17.3.9.62033
cisco:asr_5000_series_software	cisco asr 5000 series software	eq	17.7.5
cisco:asr_5000_series_software	cisco asr 5000 series software	eq	19.6.3
cisco:asr_5000_series_software	cisco asr 5000 series software	eq	20.1.2
cisco:asr_5000_series_software	cisco asr 5000 series software	eq	20.2.12
cisco:asr_5000_series_software	cisco asr 5000 series software	eq	21.0.1
cisco:asr_5000_series_software	cisco asr 5000 series software	eq	21.1.2

CNA Affected

[
  {
    "product": "Cisco ASR 5000 Series Aggregation Services Routers",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco ASR 5000 Series Aggregation Services Routers"
      }
    ]
  }
]

References

www.securityfocus.com/bid/99920

www.securitytracker.com/id/1038961

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for CVE-2017-6612

prion1 cisco1 nvd1 cvelist1