Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3807Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Adaptive Security Appliance Software

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
8.8HIGHNVD
EPSS
17.2%
top 4.97%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco Adaptive Security Appliance Software
Timeline
PublishedFeb 9
Latest updateMay 14

Description

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-77g6-4h48-g6wv: A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 92022-05-14
CVEList
CVE-2017-3807: A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 92017-02-09

💥Exploits & PoCs

1
Exploit-DB
Cisco ASA - WebVPN CIFS Handling Buffer Overflow2017-02-15

📋Vendor Advisories

1
Cisco
Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability2017-02-08
CVE-2017-3807 — Cisco vulnerability | cvebase