Lucene search

[email protected]CVE-2017-3814

HistoryFeb 03, 2017 - 7:59 a.m.

CVE-2017-3814

2017-02-0307:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cisco

firepower

system

software

vulnerability

remote attacker

web content

blocking

url bypass

nvd

cve-2017-3814

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

40.6%

JSON

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance’s ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0.

Affected configurations

NVD

Node

ciscofirepower_management_centerMatch5.3.0

ciscofirepower_management_centerMatch5.4.0

ciscofirepower_management_centerMatch6.0.0

ciscofirepower_management_centerMatch6.0.1

ciscofirepower_management_centerMatch6.1.0

CPENameOperatorVersion
cisco:firepower_management_centercisco firepower management centereq5.3.0
cisco:firepower_management_centercisco firepower management centereq5.4.0
cisco:firepower_management_centercisco firepower management centereq6.0.0
cisco:firepower_management_centercisco firepower management centereq6.0.1
cisco:firepower_management_centercisco firepower management centereq6.1.0

CPE	Name	Operator	Version
cisco:firepower_management_center	cisco firepower management center	eq	5.3.0
cisco:firepower_management_center	cisco firepower management center	eq	5.4.0
cisco:firepower_management_center	cisco firepower management center	eq	6.0.0
cisco:firepower_management_center	cisco firepower management center	eq	6.0.1
cisco:firepower_management_center	cisco firepower management center	eq	6.1.0

CNA Affected

[
  {
    "product": "Cisco Firepower System Software 5.x 6.x",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Firepower System Software 5.x 6.x"
      }
    ]
  }
]

References

www.securityfocus.com/bid/95942

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw1

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

40.6%

JSON

Related for CVE-2017-3814

cisco1 nvd1 prion1 cvelist1 openvas1