Sign-up

ID

VAR-201705-3740


CVE

CVE-2017-6625


TITLE

Cisco Firepower Threat Defense and FirePOWER With modules Cisco ASA Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003771

DESCRIPTION

A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361. Vendors have confirmed this vulnerability Bug ID CSCvc84361 It is released as.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause cause a denial-of-service condition, denying service to legitimate users

Trust: 1.98

sources: NVD: CVE-2017-6625 // JVNDB: JVNDB-2017-003771 // BID: 98292 // VULHUB: VHN-114828

AFFECTED PRODUCTS

vendor:ciscomodel:firepower threat defensescope:eqversion:6.0.0

Trust: 1.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.0.1

Trust: 1.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.0

Trust: 1.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.1.0

Trust: 1.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.2

Trust: 1.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.1.0.2

Trust: 1.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.1

Trust: 1.6

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:firepower system softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.1

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.0.1

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.1

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0.2

Trust: 0.3

vendor:ciscomodel:adaptive security appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:neversion:6.1.0.3

Trust: 0.3

sources: BID: 98292 // JVNDB: JVNDB-2017-003771 // CNNVD: CNNVD-201705-205 // NVD: CVE-2017-6625

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6625
value: HIGH

Trust: 1.0

NVD: CVE-2017-6625
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201705-205
value: HIGH

Trust: 0.6

VULHUB: VHN-114828
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6625
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114828
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6625
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114828 // JVNDB: JVNDB-2017-003771 // CNNVD: CNNVD-201705-205 // NVD: CVE-2017-6625

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-114828 // JVNDB: JVNDB-2017-003771 // NVD: CVE-2017-6625

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-205

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201705-205

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003771

PATCH
title:cisco-sa-20170503-ftdurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ftd
Trust: 0.8
title:Cisco Firepower System Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69835
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-003771 // 
            
            
            
            CNNVD: CNNVD-201705-205

EXTERNAL IDS
db:NVDid:CVE-2017-6625
Trust: 2.8
db:BIDid:98292
Trust: 2.0
db:SECTRACKid:1038397
Trust: 1.7
db:JVNDBid:JVNDB-2017-003771
Trust: 0.8
db:CNNVDid:CNNVD-201705-205
Trust: 0.7
db:VULHUBid:VHN-114828
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114828 // 
            
            
            
            BID: 98292 // 
            
            
            
            JVNDB: JVNDB-2017-003771 // 
            
            
            
            CNNVD: CNNVD-201705-205 // 
            
            
            
            NVD: CVE-2017-6625

REFERENCES
url:http://www.securityfocus.com/bid/98292
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170503-ftd
Trust: 2.0
url:http://www.securitytracker.com/id/1038397
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6625
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6625
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114828 // 
            
            
            
            BID: 98292 // 
            
            
            
            JVNDB: JVNDB-2017-003771 // 
            
            
            
            CNNVD: CNNVD-201705-205 // 
            
            
            
            NVD: CVE-2017-6625

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 98292

SOURCES
db:VULHUBid:VHN-114828
db:BIDid:98292
db:JVNDBid:JVNDB-2017-003771
db:CNNVDid:CNNVD-201705-205
db:NVDid:CVE-2017-6625

LAST UPDATE DATE
2024-11-23T22:01:09.510000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114828date:2019-10-09T00:00:00
db:BIDid:98292date:2017-05-18T16:18:00
db:JVNDBid:JVNDB-2017-003771date:2017-06-07T00:00:00
db:CNNVDid:CNNVD-201705-205date:2019-10-17T00:00:00
db:NVDid:CVE-2017-6625date:2024-11-21T03:30:09.410

SOURCES RELEASE DATE
db:VULHUBid:VHN-114828date:2017-05-03T00:00:00
db:BIDid:98292date:2017-05-03T00:00:00
db:JVNDBid:JVNDB-2017-003771date:2017-06-07T00:00:00
db:CNNVDid:CNNVD-201705-205date:2017-05-04T00:00:00
db:NVDid:CVE-2017-6625date:2017-05-03T21:59:00.230