How severe is CVE-2017-6620?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2017-6620?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2017-6620

MEDIUM Year: 2017

CVSS v3 Score

5.8

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-264

View all →

Vulnerability Description

A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457.

CVE-2016-5847

MEDIUM

CVSS:5.8(Medium)

SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security ...

CWE-2642016

CVE-2019-1969

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perf...

CWE-2642019

CVE-2019-1978

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an ...

CWE-2642019

CVE-2019-1980

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an...

CWE-2642019

CVE-2019-1981

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an ...

CWE-2642019

CVE-2019-1982

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allo...

CWE-2642019

CVE-2017-6620

Vulnerability Description

Related Vulnerabilities

CVE-2016-5847

CVE-2019-1969

CVE-2019-1978

CVE-2019-1980

CVE-2019-1981

CVE-2019-1982