Lucene search

[email protected]CVE-2017-3870

HistoryMar 17, 2017 - 10:59 p.m.

CVE-2017-3870

2017-03-1722:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2017-3870

cisco

asyncos

web security appliance

nvd

vulnerability

url filtering

bypass

remote attacker

email scanning

hardware appliances

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.1%

JSON

A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010.

Affected configurations

NVD

Node

ciscoweb_security_applianceMatch8.5.3-069

ciscoweb_security_applianceMatch9.1.1-074

ciscoweb_security_applianceMatch9.1.2-010

CPENameOperatorVersion
cisco:web_security_appliancecisco web security applianceeq8.5.3-069
cisco:web_security_appliancecisco web security applianceeq9.1.1-074
cisco:web_security_appliancecisco web security applianceeq9.1.2-010

CPE	Name	Operator	Version
cisco:web_security_appliance	cisco web security appliance	eq	8.5.3-069
cisco:web_security_appliance	cisco web security appliance	eq	9.1.1-074
cisco:web_security_appliance	cisco web security appliance	eq	9.1.2-010

CNA Affected

[
  {
    "product": "Cisco Web Security Appliance",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Web Security Appliance"
      }
    ]
  }
]

References

www.securityfocus.com/bid/96907

www.securitytracker.com/id/1038043

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.1%

JSON

Related for CVE-2017-3870

nvd1 openvas1 prion1 cvelist1 cisco1