Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2017-6620
HistoryMay 03, 2017 - 9:59 p.m.

CVE-2017-6620

2017-05-0321:59:00
CWE-264
CWE-20
cisco
web.nvd.nist.gov
29
cisco
cvr100w
wireless-n
vpn
router
vulnerability
acl
remote management
unauthenticated
bypass
exploit
firmware
nvd
cve-2017-6620

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

50.2%

JSON

A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457.

Affected configurations

Nvd
Node
ciscosmall_business_rv_series_routerMatch-
AND
ciscosmall_business_rv_series_router_firmwareMatch1.0.1.19
VendorProductVersionCPE
ciscosmall_business_rv_series_router-cpe:2.3:h:cisco:small_business_rv_series_router:-:*:*:*:*:*:*:*
ciscosmall_business_rv_series_router_firmware1.0.1.19cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.1.19:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco CVR100W Wireless-N VPN Router",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco CVR100W Wireless-N VPN Router"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nvd 1
cisco 1
cvelist
cvelist
CVE-2017-6620
2017-05-03 21:00:00
prion
prion
Design/Logic Flaw
2017-05-03 21:59:00
nvd
nvd
CVE-2017-6620
2017-05-03 21:59:00
cisco
cisco
Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability
2017-05-03 16:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

50.2%

JSON
Related for CVE-2017-6620
cvelist1prion1nvd1cisco1