CVE-2017-12299

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 54.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Extensible Operating System

Timeline

PublishedNov 16

Latest updateMay 13

Description

A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. The vulnerability is due to an implementation error that exists in the process of creating default IP blocks when the device is initialized, and the way in which those …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco_asa_next-generation_firewall_servicesCisco ASA Next-Generation Firewall Services

▶NVDcisco/firepower_extensible_operating_system2.2\(1.58\)

🔴Vulnerability Details

GHSA

GHSA-mm54-9jw6-25g6: A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that↗2022-05-13

▶

CVEList

CVE-2017-12299: A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that↗2017-11-16

▶

📋Vendor Advisories

Cisco

Cisco Firepower 4100 and 9300 Security Appliance Local Management Filtering Bypass Vulnerability↗2017-11-15

▶