Description
A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870.
Affected Software
Related
{"id": "CVE-2017-6672", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2017-6672", "description": "A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870.", "published": "2017-07-25T19:29:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6672", "reporter": "psirt@cisco.com", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr1", "http://www.securitytracker.com/id/1038962", "http://www.securityfocus.com/bid/99921"], "cvelist": ["CVE-2017-6672"], "immutableFields": [], "lastseen": "2023-02-08T16:12:05", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-20170719-ASR1"]}], "rev": 4}, "score": {"value": 5.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cisco", "idList": ["CISCO-SA-20170719-ASR1"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-6672", "epss": "0.001600000", "percentile": "0.507870000", "modified": "2023-03-14"}], "vulnersScore": 5.2}, "_state": {"dependencies": 1675872729, "score": 1675873208, "affected_software_major_version": 1677268883, "epss": 1678838010}, "_internal": {"score_hash": "2bfad90482af3c69b1a568efef90792c"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:cisco:asr_5000_series_software:21.2.a0.65995", "cpe:/a:cisco:asr_5000_series_software:21.0.v2", "cpe:/a:cisco:asr_5000_series_software:21.1.m0.65921", "cpe:/a:cisco:asr_5000_series_software:19.6.3", "cpe:/a:cisco:asr_5000_series_software:19.3.5", "cpe:/a:cisco:asr_5000_series_software:19.6.0", "cpe:/a:cisco:asr_5000_series_software:20.3.1", "cpe:/a:cisco:asr_5000_series_software:20.3.0", "cpe:/a:cisco:asr_5000_series_software:21.1.m0.65986", "cpe:/a:cisco:asr_5000_series_software:20.2.12", "cpe:/a:cisco:asr_5000_series_software:21.1.m0.65710", "cpe:/a:cisco:asr_5000_series_software:19.3.11", "cpe:/a:cisco:asr_5000_series_software:21.1.v0", "cpe:/a:cisco:asr_5000_series_software:20.2.4", "cpe:/a:cisco:asr_5000_series_software:19.6.6", "cpe:/a:cisco:asr_5000_series_software:21.1.m0.65931", "cpe:/a:cisco:asr_5000_series_software:21.0.v1.66638", "cpe:/a:cisco:asr_5000_series_software:21.2.a0.65914", "cpe:/a:cisco:asr_5000_series_software:21.1.2", "cpe:/a:cisco:asr_5000_series_software:20.1.v5", "cpe:/a:cisco:asr_5000_series_software:21.3.0", "cpe:/a:cisco:asr_5000_series_software:19.3.12", "cpe:/a:cisco:asr_5000_series_software:21.1.0"], "cpe23": ["cpe:2.3:a:cisco:asr_5000_series_software:20.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:20.1.v5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:19.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:20.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:19.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.1.m0.65986:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.0.v2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.0.v1.66638:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.2.a0.65914:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:19.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.2.a0.65995:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:20.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:19.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.1.m0.65921:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.1.m0.65931:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:20.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.1.m0.65710:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:21.1.v0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:19.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:asr_5000_series_software:19.6.0:*:*:*:*:*:*:*"], "cwe": ["CWE-863"], "affectedSoftware": [{"cpeName": "cisco:asr_5000_series_software", "version": "20.1.v5", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "19.6.3", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.1.m0.65710", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "19.6.0", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.2.a0.65995", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.2.a0.65914", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.1.m0.65921", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "19.6.6", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.1.m0.65986", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "19.3.11", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "19.3.5", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "20.3.1", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.0.v1.66638", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.1.0", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.1.v0", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.0.v2", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.1.m0.65931", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.3.0", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "21.1.2", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "20.2.12", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "20.2.4", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "20.3.0", "operator": "eq", "name": "cisco asr 5000 series software"}, {"cpeName": "cisco:asr_5000_series_software", "version": "19.3.12", "operator": "eq", "name": "cisco asr 5000 series software"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:20.1.v5:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.6.3:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.1.m0.65710:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.6.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.2.a0.65995:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.2.a0.65914:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.1.m0.65921:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.6.6:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.1.m0.65986:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.3.11:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.3.5:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:20.3.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.0.v1.66638:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.1.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.1.v0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.0.v2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.1.m0.65931:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.3.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.1.2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:20.2.12:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:20.2.4:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:20.3.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.3.12:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr1", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr1", "refsource": "CONFIRM", "tags": ["Vendor Advisory"]}, {"url": "http://www.securitytracker.com/id/1038962", "name": "1038962", "refsource": "SECTRACK", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "http://www.securityfocus.com/bid/99921", "name": "99921", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"]}], "product_info": [{"vendor": "Cisco", "product": "Asr_5000_series_software"}]}
{"cisco": [{"lastseen": "2023-03-02T20:34:34", "description": "A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device.\n\nThe vulnerability exists because the affected device fails to inspect and match certain traffic that meets the criteria defined in ACL rules configured for the device. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to bypass certain sets of rules defined in ACLs for the affected device.\n\nThere are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr1 [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr1\"]", "cvss3": {}, "published": "2017-07-19T16:00:00", "type": "cisco", "title": "Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-6672"], "modified": "2017-07-19T16:00:00", "id": "CISCO-SA-20170719-ASR1", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr1", "cvss": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}]}
CVE-2017-6672
