cnvd - cnvd-2017-22165

cnvd-2017-22165

Vulnerability from cnvd

Title

Cisco RV340、RV345和RV345P Dual WAN Gigabit VPN Routers信息泄露漏洞

Description

Cisco RV340、RV345和RV345P Dual WAN Gigabit VPN Routers都是美国思科（Cisco）公司的VPN防火墙路由器产品。 Cisco RV340、RV345和RV345P Dual WAN Gigabit VPN Routers中的Web界面存在信息泄露漏洞，该漏洞源于程序未能充分的保护敏感数据。远程攻击者可通过使用HTTP协议并查看HTTP响应中的数据利用该漏洞获取敏感信息。

Severity

中

Patch Name

Cisco RV340、RV345和RV345P Dual WAN Gigabit VPN Routers信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-6784

Impacted products

Name
['Cisco RV340 1.0.0.30', 'Cisco RV340 1.0.0.33', 'Cisco RV340 1.0.1.9', 'Cisco RV340 1.0.1.16', 'Cisco RV345 1.0.0.30', 'Cisco RV345 1.0.0.33', 'Cisco RV345 1.0.1.9', 'Cisco RV345 1.0.1.16', 'Cisco RV345P Dual WAN Gigabit VPN Routers 1.0.0.30', 'Cisco RV345P Dual WAN Gigabit VPN Routers 1.0.0.33', 'Cisco RV345P Dual WAN Gigabit VPN Routers 1.0.1.9', 'Cisco RV345P Dual WAN Gigabit VPN Routers 1.0.1.16']

Name

['Cisco RV340 1.0.0.30', 'Cisco RV340 1.0.0.33', 'Cisco RV340 1.0.1.9', 'Cisco RV340 1.0.1.16', 'Cisco RV345 1.0.0.30', 'Cisco RV345 1.0.0.33', 'Cisco RV345 1.0.1.9', 'Cisco RV345 1.0.1.16', 'Cisco RV345P Dual WAN Gigabit VPN Routers 1.0.0.30', 'Cisco RV345P Dual WAN Gigabit VPN Routers 1.0.0.33', 'Cisco RV345P Dual WAN Gigabit VPN Routers 1.0.1.9', 'Cisco RV345P Dual WAN Gigabit VPN Routers 1.0.1.16']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100402"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6784"
    }
  },
  "description": "Cisco RV340\u3001RV345\u548cRV345P Dual WAN Gigabit VPN Routers\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684VPN\u9632\u706b\u5899\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nCisco RV340\u3001RV345\u548cRV345P Dual WAN Gigabit VPN Routers\u4e2d\u7684Web\u754c\u9762\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u4fdd\u62a4\u654f\u611f\u6570\u636e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528HTTP\u534f\u8bae\u5e76\u67e5\u770bHTTP\u54cd\u5e94\u4e2d\u7684\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-22165",
  "openTime": "2017-08-21",
  "patchDescription": "Cisco RV340\u3001RV345\u548cRV345P Dual WAN Gigabit VPN Routers\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684VPN\u9632\u706b\u5899\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nCisco RV340\u3001RV345\u548cRV345P Dual WAN Gigabit VPN Routers\u4e2d\u7684Web\u754c\u9762\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u4fdd\u62a4\u654f\u611f\u6570\u636e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528HTTP\u534f\u8bae\u5e76\u67e5\u770bHTTP\u54cd\u5e94\u4e2d\u7684\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco RV340\u3001RV345\u548cRV345P Dual WAN Gigabit VPN Routers\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco RV340 1.0.0.30",
      "Cisco RV340  1.0.0.33",
      "Cisco RV340  1.0.1.9",
      "Cisco RV340  1.0.1.16",
      "Cisco RV345 1.0.0.30",
      "Cisco RV345  1.0.0.33",
      "Cisco RV345  1.0.1.9",
      "Cisco RV345  1.0.1.16",
      "Cisco RV345P Dual WAN Gigabit VPN Routers 1.0.0.30",
      "Cisco RV345P Dual WAN Gigabit VPN Routers  1.0.0.33",
      "Cisco RV345P Dual WAN Gigabit VPN Routers  1.0.1.9",
      "Cisco RV345P Dual WAN Gigabit VPN Routers  1.0.1.16"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-6784",
  "serverity": "\u4e2d",
  "submitTime": "2017-08-18",
  "title": "Cisco RV340\u3001RV345\u548cRV345P Dual WAN Gigabit VPN Routers\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2017-6784 (GCVE-0-2017-6784)

Vulnerability from cvelistv5

Published

2017-08-17 20:00

Modified

2024-09-16 18:23

Severity ?

CWE

Information Disclosure

Summary

A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. Cisco Bug IDs: CSCve37988. Known Affected Releases: firmware 1.0.0.30, 1.0.0.33, 1.0.1.9, 1.0.1.16.

References

URL

Tags

	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1039191	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/100402	vdb-entry, x_refsource_BID