// For flags

CVE-2017-6620

 

Severity Score

5.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457.

Una vulnerabilidad en la característica de lista de control de acceso de administración remota (ACL) del enrutador VPN Cisco N CVR100W Wireless-N podría permitir a un atacante remoto no autenticado omitir la ACL de administración remota. La vulnerabilidad se debe a una implementación incorrecta de la decisión de ACL tomada durante la solicitud de conexión de ingreso a la interfaz de administración remota. Un atacante podría explotar esta vulnerabilidad enviando una conexión a la dirección IP de administración o al nombre de dominio del dispositivo de destino. Una explotación exitosa podría permitir al atacante pasar por alto la ACL de administración remota. Esto puede ocurrir cuando el parámetro de configuración de Gestión remota está establecido en Desactivado. Esta vulnerabilidad afecta a los enrutadores VPN de Cisco CVR100W Wireless-N que ejecutan una imagen de firmware anterior a 1.0.1.24. ID de errores de Cisco: CSCvc14457.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-03-09 CVE Reserved
  • 2017-05-03 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Small Business Rv Series Router Firmware
Search vendor "Cisco" for product "Small Business Rv Series Router Firmware"
 1.0.1.19
Search vendor "Cisco" for product "Small Business Rv Series Router Firmware" and version "1.0.1.19"
-
Affected
in Cisco
Search vendor "Cisco"
 Small Business Rv Series Router
Search vendor "Cisco" for product "Small Business Rv Series Router"
--
Safe