5.3

CVE-2017-6784

EPSS 0.36%
Veröffentlicht 17.08.2017 20:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. Cisco Bug IDs: CSCve37988. Known Affected Releases: firmware 1.0.0.30, 1.0.0.33, 1.0.1.9, 1.0.1.16.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Small Business Rv340 Firmware Version1.0.0.30

Cisco ≫ Small Business Rv340 Version-

Cisco ≫ Small Business Rv340 Firmware Version1.0.0.33

Cisco ≫ Small Business Rv340 Version-

Cisco ≫ Small Business Rv340 Firmware Version1.0.1.9

Cisco ≫ Small Business Rv340 Version-

Cisco ≫ Small Business Rv340 Firmware Version1.0.1.16

Cisco ≫ Small Business Rv340 Version-

Cisco ≫ Small Business Rv345 Firmware Version1.0.0.30

Cisco ≫ Small Business Rv345 Version-

Cisco ≫ Small Business Rv345 Firmware Version1.0.0.33

Cisco ≫ Small Business Rv345 Version-

Cisco ≫ Small Business Rv345 Firmware Version1.0.1.9

Cisco ≫ Small Business Rv345 Version-

Cisco ≫ Small Business Rv345 Firmware Version1.0.1.16

Cisco ≫ Small Business Rv345 Version-

Cisco ≫ Small Business Rv345p Firmware Version1.0.0.30

Cisco ≫ Small Business Rv345p Version-

Cisco ≫ Small Business Rv345p Firmware Version1.0.0.33

Cisco ≫ Small Business Rv345p Version-

Cisco ≫ Small Business Rv345p Firmware Version1.0.1.9

Cisco ≫ Small Business Rv345p Version-

Cisco ≫ Small Business Rv345p Firmware Version1.0.1.16

Cisco ≫ Small Business Rv345p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.553

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/100402

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039191

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-6784

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6784

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6784

EUVD