Details of VAR-201702-0785

ID

VAR-201702-0785

CVE

CVE-2017-3814

TITLE

Cisco Firepower System Software Specific in Web Vulnerability that bypasses content blocking

Trust: 0.8

sources: JVNDB: JVNDB-2017-001474

DESCRIPTION

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0. This vulnerability "URL Bypass" It is called. Vendors have confirmed this vulnerability Bug ID CSCvb93980 It is released as.By a remote attacker Web Content blocking may be avoided. Cisco Firepower System Software is a next-generation firewall product (NGFW) from Cisco. A remote attacker can exploit the vulnerability by bypassing security restrictions by adding malicious text to the end of the URL string to perform unauthorized operations. This issue is being tracked by Cisco Bug IDCSCvb93980

Trust: 2.52

sources: NVD: CVE-2017-3814 // JVNDB: JVNDB-2017-001474 // CNVD: CNVD-2017-01166 // BID: 95942 // VULHUB: VHN-112017

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-01166

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3.0	Trust: 1.4
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.0	Trust: 1.4
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.0	Trust: 1.4
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.1	Trust: 1.4
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0	Trust: 1.4
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.1.0	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.3.0	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.0	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	cisco	model:	firepower system software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	firepower system software	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2017-01166 // BID: 95942 // JVNDB: JVNDB-2017-001474 // CNNVD: CNNVD-201702-017 // NVD: CVE-2017-3814

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3814
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3814
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-01166
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201702-017
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-112017
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3814
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-01166
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-112017
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3814
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-01166 // VULHUB: VHN-112017 // JVNDB: JVNDB-2017-001474 // CNNVD: CNNVD-201702-017 // NVD: CVE-2017-3814

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-112017 // JVNDB: JVNDB-2017-001474 // NVD: CVE-2017-3814

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-017

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201702-017

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001474

PATCH

title:	cisco-sa-20170201-fpw1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw1	Trust: 0.8
title:	Cisco Firepower System Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67407	Trust: 0.6

sources: JVNDB: JVNDB-2017-001474 // CNNVD: CNNVD-201702-017

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3814	Trust: 3.4
db:	BID	id:	95942	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-001474	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-017	Trust: 0.7
db:	CNVD	id:	CNVD-2017-01166	Trust: 0.6
db:	VULHUB	id:	VHN-112017	Trust: 0.1

sources: CNVD: CNVD-2017-01166 // VULHUB: VHN-112017 // BID: 95942 // JVNDB: JVNDB-2017-001474 // CNNVD: CNNVD-201702-017 // NVD: CVE-2017-3814

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-fpw1	Trust: 2.3
url:	http://www.securityfocus.com/bid/95942	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3814	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3814	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-fpw1	Trust: 0.3

sources: CNVD: CNVD-2017-01166 // VULHUB: VHN-112017 // BID: 95942 // JVNDB: JVNDB-2017-001474 // CNNVD: CNNVD-201702-017 // NVD: CVE-2017-3814

CREDITS

Cisco

Trust: 0.3

sources: BID: 95942

SOURCES

db:	CNVD	id:	CNVD-2017-01166
db:	VULHUB	id:	VHN-112017
db:	BID	id:	95942
db:	JVNDB	id:	JVNDB-2017-001474
db:	CNNVD	id:	CNNVD-201702-017
db:	NVD	id:	CVE-2017-3814

LAST UPDATE DATE

2024-11-27T23:04:12.629000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-01166	date:	2017-02-09T00:00:00
db:	VULHUB	id:	VHN-112017	date:	2017-02-09T00:00:00
db:	BID	id:	95942	date:	2017-02-02T07:05:00
db:	JVNDB	id:	JVNDB-2017-001474	date:	2017-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201702-017	date:	2017-02-06T00:00:00
db:	NVD	id:	CVE-2017-3814	date:	2024-11-26T16:09:02.407

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-01166	date:	2017-02-09T00:00:00
db:	VULHUB	id:	VHN-112017	date:	2017-02-03T00:00:00
db:	BID	id:	95942	date:	2017-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-001474	date:	2017-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201702-017	date:	2017-02-04T00:00:00
db:	NVD	id:	CVE-2017-3814	date:	2017-02-03T07:59:00.780