CVE-2017-11587 — HIGH (7.5)

Vulnerability Description

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Residential Gateway Firmware	ddr2200b-na-annexa-fcc-v00.00.03.45.4e
Cisco	Residential Gateway	-

Related Weaknesses (CWE)

CWE-22

References

http://seclists.org/fulldisclosure/2017/Jul/26Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/100484
http://seclists.org/fulldisclosure/2017/Jul/26Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/100484

FAQ

What is CVE-2017-11587?

CVE-2017-11587 is a vulnerability with a CVSS score of 7.5 (HIGH). On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal...

How severe is CVE-2017-11587?

CVE-2017-11587 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-11587?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Residential Gateway Firmware, Cisco Residential Gateway.