CVE-2017-6784 — MEDIUM (5.3)

Vulnerability Description

A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. Cisco Bug IDs: CSCve37988. Known Affected Releases: firmware 1.0.0.30, 1.0.0.33, 1.0.1.9, 1.0.1.16.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Small Business Rv340 Firmware	1.0.0.30
Cisco	Small Business Rv340	-
Cisco	Small Business Rv345 Firmware	1.0.0.30
Cisco	Small Business Rv345	-
Cisco	Small Business Rv345P Firmware	1.0.0.30
Cisco	Small Business Rv345P	-

Related Weaknesses (CWE)

CWE-200

References

http://www.securityfocus.com/bid/100402Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039191Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/100402Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039191Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2017-6784?

CVE-2017-6784 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use...

How severe is CVE-2017-6784?

CVE-2017-6784 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-6784?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Small Business Rv340 Firmware, Cisco Small Business Rv340, Cisco Small Business Rv345 Firmware, Cisco Small Business Rv345, Cisco Small Business Rv345P Firmware.