CVE-2017-6620

Description

A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457.

Risk Information

Base Score

5.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

EPSS Score

Exploitation Probability

0.161

Associated Vulnerability

Vulnerability	OS Platform
Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability For Cisco Small Business RV Series Routers	NCM
Improper Input Validation Vulnerability (CVE-2017-6620)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1705925	Security Update for Cisco Small Business RV Series Routers 1.0.3.16

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234