Remote Code Execution Vulnerability in Cisco ASR 5000 Series Routers
CVE-2017-6612

8.6HIGH

Key Information:

Vendor
Cisco
Status
Cisco Asr 5000 Series Aggregation Services Routers
Vendor
CVE Published:
25 July 2017

Summary

A vulnerability exists within the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series routers, specifically between versions 17.3.9.62033 and 21.1.2. This flaw could potentially enable an unauthenticated remote attacker to redirect HTTP traffic directed at the affected device. It is crucial for organizations utilizing these routers to implement mitigation strategies to safeguard their networks against potential exploitations. For detailed guidance on securing your systems, refer to the relevant Cisco security advisory.

Affected Version(s)

Cisco ASR 5000 Series Aggregation Services Routers Cisco ASR 5000 Series Aggregation Services Routers

References

http://www.securitytracker.com/id/1038961
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99920
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.