ID

VAR-201703-0895


CVE

CVE-2017-3867


TITLE

Cisco Adaptive Security Appliance Software Border Gateway Protocol and Bidirectional Forwarding Detection Specific in the implementation of TCP and UDP For traffic ACL Vulnerability to avoid

Trust: 0.8

sources: JVNDB: JVNDB-2017-002482

DESCRIPTION

A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. More Information: CSCvc68229. Known Affected Releases: 9.6(2). Known Fixed Releases: 99.1(20.1) 99.1(10.2) 98.1(12.7) 98.1(1.49) 97.1(6.58) 97.1(0.134) 96.2(0.109) 9.7(1.1) 9.6(2.99) 9.6(2.8). Cisco Adaptive Security Appliance Software is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvc68229

Trust: 1.98

sources: NVD: CVE-2017-3867 // JVNDB: JVNDB-2017-002482 // BID: 96926 // VULHUB: VHN-112070

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.6.2.8

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.6.2.1

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.6.2.2

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:6.3.1

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.6.2

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.6.2.7

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.6.2.3

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.6.2.9

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.6.3

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:0

Trust: 0.3

sources: BID: 96926 // JVNDB: JVNDB-2017-002482 // CNNVD: CNNVD-201703-848 // NVD: CVE-2017-3867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3867
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3867
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-848
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112070
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3867
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-112070
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3867
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-112070 // JVNDB: JVNDB-2017-002482 // CNNVD: CNNVD-201703-848 // NVD: CVE-2017-3867

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-112070 // JVNDB: JVNDB-2017-002482 // NVD: CVE-2017-3867

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-848

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201703-848

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002482

PATCH

title:cisco-sa-20170315-asaurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asa

Trust: 0.8

title:Cisco Adaptive Security Appliances Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68640

Trust: 0.6

sources: JVNDB: JVNDB-2017-002482 // CNNVD: CNNVD-201703-848

EXTERNAL IDS

db:NVDid:CVE-2017-3867

Trust: 2.8

db:BIDid:96926

Trust: 2.0

db:SECTRACKid:1038051

Trust: 1.7

db:JVNDBid:JVNDB-2017-002482

Trust: 0.8

db:CNNVDid:CNNVD-201703-848

Trust: 0.7

db:VULHUBid:VHN-112070

Trust: 0.1

sources: VULHUB: VHN-112070 // BID: 96926 // JVNDB: JVNDB-2017-002482 // CNNVD: CNNVD-201703-848 // NVD: CVE-2017-3867

REFERENCES

url:http://www.securityfocus.com/bid/96926

Trust: 1.7

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-asa

Trust: 1.7

url:http://www.securitytracker.com/id/1038051

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3867

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3867

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-asa

Trust: 0.3

sources: VULHUB: VHN-112070 // BID: 96926 // JVNDB: JVNDB-2017-002482 // CNNVD: CNNVD-201703-848 // NVD: CVE-2017-3867

CREDITS

Cisco

Trust: 0.3

sources: BID: 96926

SOURCES

db:VULHUBid:VHN-112070
db:BIDid:96926
db:JVNDBid:JVNDB-2017-002482
db:CNNVDid:CNNVD-201703-848
db:NVDid:CVE-2017-3867

LAST UPDATE DATE

2024-11-23T21:54:11.722000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-112070date:2019-10-03T00:00:00
db:BIDid:96926date:2017-03-23T03:00:00
db:JVNDBid:JVNDB-2017-002482date:2017-04-17T00:00:00
db:CNNVDid:CNNVD-201703-848date:2019-10-23T00:00:00
db:NVDid:CVE-2017-3867date:2024-11-21T03:26:16.670

SOURCES RELEASE DATE

db:VULHUBid:VHN-112070date:2017-03-17T00:00:00
db:BIDid:96926date:2017-03-15T00:00:00
db:JVNDBid:JVNDB-2017-002482date:2017-04-17T00:00:00
db:CNNVDid:CNNVD-201703-848date:2017-03-20T00:00:00
db:NVDid:CVE-2017-3867date:2017-03-17T22:59:00.267