CVE-2017-6672

EPSS 0.37%
Veröffentlicht 25.07.2017 19:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Asr 5000 Series Software Version19.3.5

Cisco ≫ Asr 5000 Series Software Version19.3.11

Cisco ≫ Asr 5000 Series Software Version19.3.12

Cisco ≫ Asr 5000 Series Software Version19.6.0

Cisco ≫ Asr 5000 Series Software Version19.6.3

Cisco ≫ Asr 5000 Series Software Version19.6.6

Cisco ≫ Asr 5000 Series Software Version20.1.v5

Cisco ≫ Asr 5000 Series Software Version20.2.4

Cisco ≫ Asr 5000 Series Software Version20.2.12

Cisco ≫ Asr 5000 Series Software Version20.3.0

Cisco ≫ Asr 5000 Series Software Version20.3.1

Cisco ≫ Asr 5000 Series Software Version21.0.v1.66638

Cisco ≫ Asr 5000 Series Software Version21.0.v2

Cisco ≫ Asr 5000 Series Software Version21.1.0

Cisco ≫ Asr 5000 Series Software Version21.1.2

Cisco ≫ Asr 5000 Series Software Version21.1.m0.65710

Cisco ≫ Asr 5000 Series Software Version21.1.m0.65921

Cisco ≫ Asr 5000 Series Software Version21.1.m0.65931

Cisco ≫ Asr 5000 Series Software Version21.1.m0.65986

Cisco ≫ Asr 5000 Series Software Version21.1.v0

Cisco ≫ Asr 5000 Series Software Version21.2.a0.65914

Cisco ≫ Asr 5000 Series Software Version21.2.a0.65995

Cisco ≫ Asr 5000 Series Software Version21.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.559

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://www.securityfocus.com/bid/99921

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038962

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-6672

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6672

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6672

EUVD