ID

VAR-201702-0798


CVE

CVE-2017-3809


TITLE

Vulnerability in the Policy deployment module of Cisco Firepower Management Center that allows deployment to be restricted

Trust: 0.8

sources: JVNDB: JVNDB-2017-001473

DESCRIPTION

A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0. The Cisco Firepower Management Center (FMC) is the next-generation firewall management center software from Cisco. Policy deployment is one of its policy deployment modules. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvb95281.

Trust: 2.52

sources: NVD: CVE-2017-3809 // JVNDB: JVNDB-2017-001473 // CNVD: CNVD-2017-01163 // BID: 95941 // VULHUB: VHN-112012

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-01163

AFFECTED PRODUCTS

vendor: cisco | model: firepower management center | scope: eq | version: 6.1.0

Trust: 1.4

vendor: cisco | model: firepower management center | scope: eq | version: 6.2.0

Trust: 1.4

vendor: cisco | model: secure firewall management center | scope: eq | version: 6.1.0

Trust: 1.0

vendor: cisco | model: secure firewall management center | scope: eq | version: 6.2.0

Trust: 1.0

vendor: cisco | model: firepower management center | scope: - | version: -

Trust: 0.6

vendor: cisco | model: firepower management center | scope: eq | version: 0

Trust: 0.3

sources: CNVD: CNVD-2017-01163 // BID: 95941 // JVNDB: JVNDB-2017-001473 // CNNVD: CNNVD-201702-020 // NVD: CVE-2017-3809

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3809
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3809
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-01163
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-020
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112012
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3809
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-01163
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-112012
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3809
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-01163 // VULHUB: VHN-112012 // JVNDB: JVNDB-2017-001473 // CNNVD: CNNVD-201702-020 // NVD: CVE-2017-3809

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-112012 // JVNDB: JVNDB-2017-001473 // NVD: CVE-2017-3809

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-020

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201702-020

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001473

PATCH

title: cisco-sa-20170201-fmc | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc

Trust: 0.8

title: Cisco Firepower Management Center Security Bypass Vulnerability Patch | url: https://www.cnvd.org.cn/patchInfo/show/88864

Trust: 0.6

title: Cisco Firepower Management Center Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67408

Trust: 0.6

sources: CNVD: CNVD-2017-01163 // JVNDB: JVNDB-2017-001473 // CNNVD: CNNVD-201702-020

EXTERNAL IDS

db: NVD | id: CVE-2017-3809

Trust: 3.4

db: BID | id: 95941

Trust: 2.0

db: SECTRACK | id: 1037776

Trust: 1.1

db: JVNDB | id: JVNDB-2017-001473

Trust: 0.8

db: CNNVD | id: CNNVD-201702-020

Trust: 0.7

db: CNVD | id: CNVD-2017-01163

Trust: 0.6

db: VULHUB | id: VHN-112012

Trust: 0.1

sources: CNVD: CNVD-2017-01163 // VULHUB: VHN-112012 // BID: 95941 // JVNDB: JVNDB-2017-001473 // CNNVD: CNNVD-201702-020 // NVD: CVE-2017-3809

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-fmc

Trust: 2.6

url: http://www.securityfocus.com/bid/95941

Trust: 1.1

url: http://www.securitytracker.com/id/1037776

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3809

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3809

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-01163 // VULHUB: VHN-112012 // BID: 95941 // JVNDB: JVNDB-2017-001473 // CNNVD: CNNVD-201702-020 // NVD: CVE-2017-3809

CREDITS

Cisco

Trust: 0.3

sources: BID: 95941

SOURCES

db: CNVD | id: CNVD-2017-01163
db: VULHUB | id: VHN-112012
db: BID | id: 95941
db: JVNDB | id: JVNDB-2017-001473
db: CNNVD | id: CNNVD-201702-020
db: NVD | id: CVE-2017-3809

LAST UPDATE DATE

2024-11-27T22:49:50.903000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2017-01163 | date: 2017-02-09T00:00:00
db: VULHUB | id: VHN-112012 | date: 2017-07-25T00:00:00
db: BID | id: 95941 | date: 2017-02-01T00:00:00
db: JVNDB | id: JVNDB-2017-001473 | date: 2017-02-22T00:00:00
db: CNNVD | id: CNNVD-201702-020 | date: 2017-02-06T00:00:00
db: NVD | id: CVE-2017-3809 | date: 2024-11-26T16:09:02.407

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2017-01163 | date: 2017-02-07T00:00:00
db: VULHUB | id: VHN-112012 | date: 2017-02-03T00:00:00
db: BID | id: 95941 | date: 2017-02-01T00:00:00
db: JVNDB | id: JVNDB-2017-001473 | date: 2017-02-22T00:00:00
db: CNNVD | id: CNNVD-201702-020 | date: 2017-02-04T00:00:00
db: NVD | id: CVE-2017-3809 | date: 2017-02-03T07:59:00.687