CVE-2017-3882 — CRITICAL (9.6)

Vulnerability Description

A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router prior to Firmware Release 1.0.1.22. Cisco Bug IDs: CSCuz72642.

CVSS Score

9.6

CRITICAL

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Small Business Rv Router Firmware	1.0.0.30
Cisco	Small Business Rv Router Firmware 1.0	0.2
Cisco	Rv042	-
Cisco	Rv042G	-
Cisco	Rv082	-
Cisco	Rv110W	-
Cisco	Rv130	-
Cisco	Rv130 Wf	-
Cisco	Rv130W	-
Cisco	Rv130W Wf	-
Cisco	Rv132W	-
Cisco	Rv134W	-
Cisco	Rv215W	-
Cisco	Rv320	-
Cisco	Rv320 Wf	-
Cisco	Rv325	-
Cisco	Rv325 Wf	-

Related Weaknesses (CWE)

CWE-119

References

http://www.securityfocus.com/bid/98287Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038391
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/98287Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038391
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2017-3882?

CVE-2017-3882 is a vulnerability with a CVSS score of 9.6 (CRITICAL). A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or c...

How severe is CVE-2017-3882?

CVE-2017-3882 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-3882?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Small Business Rv Router Firmware, Cisco Small Business Rv Router Firmware 1.0, Cisco Rv042, Cisco Rv042G, Cisco Rv082.