Vulnslist

find the latest Cisco vulnerabilities

Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability

cisco-sa-20170719-asr · Medium · Published · Updated

A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. The vulnerability exists because the affected device does not sufficiently validate HTTP traffic that contains one or more packets with additional bytes at the end of the packet. An attacker could exploit this vulnerability by changing the properties of a payload in HTTP traffic that is sent to an affected device. A successful exploit could allow the attacker to pipeline requests through an affected device without verifying and accounting for the requests. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-6612
Cisco Bug IDsCSCvc67927
CVSS ScoreBase 5.8
Base 5.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco ASR 5000 Series Software

Related Products

Product CVE Evidence
Cisco SR 500 Secure Routers CVE-2017-6612 Cisco OpenVuln
Cisco RV Series Routers CVE-2017-6612 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2017-6612 Cisco OpenVuln
Cisco ASR 5000 Series Software CVE-2017-6612 Cisco OpenVuln