Vulnerability-Lookup

CVE-2017-6612 (GCVE-0-2017-6612)

Vulnerability from cvelistv5 – Published: 2017-07-25 19:00 – Updated: 2024-08-05 15:33

Summary

Severity ?

No CVSS data available.

CWE

Redirect Vulnerability

Assigner

cisco

References

URL

	Vendor	Product	Version
	n/a	Cisco ASR 5000 Series Aggregation Services Routers	Affected: Cisco ASR 5000 Series Aggregation Services Routers

FKIE_CVE-2017-6612

Vulnerability from fkie_nvd - Published: 2017-07-25 19:29 - Updated: 2025-04-20 01:37

Severity ?

8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/99920	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1038961	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99920	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038961	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	asr_5000_series_software	17.3.9.62033
cisco	asr_5000_series_software	17.7.5
cisco	asr_5000_series_software	19.6.3
cisco	asr_5000_series_software	20.1.2
cisco	asr_5000_series_software	20.2.12
cisco	asr_5000_series_software	21.0.1
cisco	asr_5000_series_software	21.1.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_series_software:17.3.9.62033:*:*:*:*:*:*:*",
              "matchCriteriaId": "909549D4-A2D3-473F-9982-36C3709749A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_series_software:17.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD8C599F-D45E-4613-9DEC-9ECC6C2B600B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_series_software:19.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A32B7EC-24D8-4344-AD67-0C2479BD2443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_series_software:20.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80A1B52-D2D3-4EC0-82FF-D8D3AE01185F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_series_software:20.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "857DEC6B-8984-468B-9926-F0862D0A4EE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_series_software:21.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C137DA3-4CBE-4FCB-BC26-BBB82C392B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:asr_5000_series_software:21.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E56217A-1BD5-431B-8BF5-F32714BD79CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el nodo de soporte del gateway GPRS (GGSN) de ASR 5000 Series Aggregation Services Routers versi\u00f3n 17.3.9.62033 hasta 21.1.2 de Cisco, podr\u00eda permitir a un atacante remoto no autenticado redireccionar el tr\u00e1fico HTTP enviado hacia un dispositivo afectado. M\u00e1s informaci\u00f3n: CSCvc67927."
    }
  ],
  "id": "CVE-2017-6612",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-25T19:29:00.177",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99920"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038961"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-26113

Vulnerability from cnvd - Published: 2017-09-11

Title

Cisco ASR 5000 Series Aggregation Services路由器安全绕过漏洞

Description

Cisco ASR 5000 Series Aggregation Services Routers是美国思科（Cisco）公司的ASR 5000系列多功能路由器。 Cisco ASR 5000 Series Aggregation Services RoutersGGSN存在重定向漏洞，允许远程攻击者利用漏洞更改HTTP流量中payload的属性重定向流量。

Severity

中

Patch Name

Cisco ASR 5000 Series Aggregation Services路由器安全绕过漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-6612

Impacted products

Name
['Cisco ASR 5000 Series 21.1.2', 'Cisco ASR 5000 Series 20.2.12', 'Cisco ASR 5000 Series 19.6.3', 'Cisco ASR 5000 Series 19.3.12', 'Cisco ASR 5000 Series 17.7.5', 'Cisco ASR 5000 Series 21.0.v1', 'Cisco ASR 5000 Series 20.1.v2', 'Cisco ASR 5000 Series 17.3.9.62033']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99920"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6612"
    }
  },
  "description": "Cisco ASR 5000 Series Aggregation Services Routers\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684ASR 5000\u7cfb\u5217\u591a\u529f\u80fd\u8def\u7531\u5668\u3002\r\n\r\nCisco ASR 5000 Series Aggregation Services RoutersGGSN\u5b58\u5728\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u66f4\u6539HTTP\u6d41\u91cf\u4e2dpayload\u7684\u5c5e\u6027\u91cd\u5b9a\u5411\u6d41\u91cf\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-26113",
  "openTime": "2017-09-11",
  "patchDescription": "Cisco ASR 5000 Series Aggregation Services Routers\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684ASR 5000\u7cfb\u5217\u591a\u529f\u80fd\u8def\u7531\u5668\u3002\r\n\r\nCisco ASR 5000 Series Aggregation Services RoutersGGSN\u5b58\u5728\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u66f4\u6539HTTP\u6d41\u91cf\u4e2dpayload\u7684\u5c5e\u6027\u91cd\u5b9a\u5411\u6d41\u91cf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco ASR 5000 Series Aggregation Services\u8def\u7531\u5668\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco ASR 5000 Series 21.1.2",
      "Cisco ASR 5000 Series  20.2.12",
      "Cisco ASR 5000 Series  19.6.3",
      "Cisco ASR 5000 Series  19.3.12",
      "Cisco ASR 5000 Series  17.7.5",
      "Cisco ASR 5000 Series  21.0.v1",
      "Cisco ASR 5000 Series  20.1.v2",
      "Cisco ASR 5000 Series  17.3.9.62033"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-6612",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-26",
  "title": "Cisco ASR 5000 Series Aggregation Services\u8def\u7531\u5668\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

GHSA-8559-F4G5-6PJJ

Vulnerability from github – Published: 2022-05-17 02:15 – Updated: 2022-05-17 02:15

Details

Severity ?

8.6 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-25T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927.",
  "id": "GHSA-8559-f4g5-6pjj",
  "modified": "2022-05-17T02:15:35Z",
  "published": "2022-05-17T02:15:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6612"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99920"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038961"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-6612

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6612

Aliases

CVE-2017-6612

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6612",
    "description": "A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927.",
    "id": "GSD-2017-6612"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6612"
      ],
      "details": "A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927.",
      "id": "GSD-2017-6612",
      "modified": "2023-12-13T01:21:10.021822Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-6612",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco ASR 5000 Series Aggregation Services Routers",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco ASR 5000 Series Aggregation Services Routers"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Redirect Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038961",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038961"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr"
          },
          {
            "name": "99920",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99920"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:17.3.9.62033:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:19.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:21.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:17.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:20.2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:asr_5000_series_software:20.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6612"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr"
            },
            {
              "name": "1038961",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038961"
            },
            {
              "name": "99920",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99920"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2017-08-10T12:29Z",
      "publishedDate": "2017-07-25T19:29Z"
    }
  }
}

VAR-201707-0977

Vulnerability from variot - Updated: 2025-04-20 23:02

A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927. Vendors have confirmed this vulnerability Bug ID CSCvc67927 It is released as.Information may be tampered with. Cisco ASR5000 Series AggregationServicesRouters is the ASR5000 series of multi-function routers from Cisco. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions; other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvc67927. gateway GPRS support node (GGSN) is one of the data gateway components

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0977",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "20.1.2"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "20.2.12"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.1.2"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "17.3.9.62033"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "17.7.5"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "21.0.1"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "19.6.3"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "500021.1.2"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "500020.2.12"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "500019.6.3"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "500019.3.12"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "500017.7.5"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "500021.0.v1"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "500020.1.v2"
      },
      {
        "model": "asr series",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "500017.3.9.62033"
      },
      {
        "model": "asr 5000 series software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "17.3.9.62033 to  21.1.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-26113"
      },
      {
        "db": "BID",
        "id": "99920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1178"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6612"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:asr_5000_series_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1178"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-6612",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-6612",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-26113",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-114815",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6612",
            "impactScore": 4.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6612",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6612",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-26113",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-1178",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114815",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-26113"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1178"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6612"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927. Vendors have confirmed this vulnerability Bug ID CSCvc67927 It is released as.Information may be tampered with. Cisco ASR5000 Series AggregationServicesRouters is the ASR5000 series of multi-function routers from Cisco. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions; other attacks are also possible. \nThis issue is being tracked by Cisco Bug ID CSCvc67927. gateway GPRS support node (GGSN) is one of the data gateway components",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6612"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-26113"
      },
      {
        "db": "BID",
        "id": "99920"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114815"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6612",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "99920",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1038961",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006829",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1178",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-26113",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "37217",
        "trust": 0.6
      },
      {
        "db": "OTHER",
        "id": "NONE",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-114815",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-26113"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114815"
      },
      {
        "db": "BID",
        "id": "99920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1178"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6612"
      }
    ]
  },
  "id": "VAR-201707-0977",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-26113"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114815"
      }
    ],
    "trust": 1.22697302
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "network device"
        ],
        "sub_category": "router",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-26113"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:02:08.454000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170719-asr",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr"
      },
      {
        "title": "Cisco ASR5000 Series AggregationServices Router Security Bypass Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/101874"
      },
      {
        "title": "Cisco ASR 5000 Series Aggregation Services Repair measures for router security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72023"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-26113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1178"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6612"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170719-asr"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99920"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6612"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038961"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6612"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/37217"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps11072/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-26113"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114815"
      },
      {
        "db": "BID",
        "id": "99920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1178"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6612"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-26113"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114815"
      },
      {
        "db": "BID",
        "id": "99920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1178"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6612"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-26113"
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114815"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "BID",
        "id": "99920"
      },
      {
        "date": "2017-09-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      },
      {
        "date": "2017-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1178"
      },
      {
        "date": "2017-07-25T19:29:00.177000",
        "db": "NVD",
        "id": "CVE-2017-6612"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-26113"
      },
      {
        "date": "2017-08-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114815"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "BID",
        "id": "99920"
      },
      {
        "date": "2017-09-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      },
      {
        "date": "2017-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1178"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-6612"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1178"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASR 5000 Series Aggregation Service Router Buffer Error Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006829"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1178"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6612 (GCVE-0-2017-6612)

FKIE_CVE-2017-6612

CNVD-2017-26113

GHSA-8559-F4G5-6PJJ

GSD-2017-6612

VAR-201707-0977

Tags

Sightings

Nomenclature