CVE-2017-6672

CWE-863 — Incorrect Authorization CWE-2644 documents4 sources

Severity

7.5HIGH

EPSS

0.4%

top 41.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ASR 5000 Series Software

Timeline

PublishedJul 25

Latest updateMay 13

Description

A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco_asr_5000_series_aggregation_services_routersCisco ASR 5000 Series Aggregation Services Routers

▶NVDcisco/asr_5000_series_software23 versions+22

🔴Vulnerability Details

GHSA

GHSA-3xgv-53v3-rfw4: A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21↗2022-05-13

▶

CVEList

CVE-2017-6672: A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21↗2017-07-25

▶

📋Vendor Advisories

Cisco

Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability↗2017-07-19

▶