What is CVE-2017-6612?

CVE-2017-6612 is a high-severity vulnerability in Cisco Asr_5000_series_software, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 8.6/10. Published 2017-07-25.

How severe is CVE-2017-6612?

High severity. CVSS v3 base score is 8.6 out of 10.

Buffer overflow in Cisco Asr_5000_series_software

CVE-2017-6612

A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device…

Vulnerability class: Buffer Overflow

EPSS: 0.007 (73.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N.

Affected products

Cisco Asr_5000_series_software — versions 17.3.9.62033, 17.7.5, 19.6.3
N/a Cisco Asr 5000 Series Aggregation Services Routers — versions Cisco ASR 5000 Series Aggregation Services Routers

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-6612?: CVE-2017-6612 is a high-severity vulnerability in Cisco Asr_5000_series_software, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 8.6/10. Published 2017-07-25.
How severe is CVE-2017-6612?: High severity. CVSS v3 base score is 8.6 out of 10.