CVE-2017-3809 — Improper Input Validation in Cisco Secure Firewall Management Center

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.3%

top 46.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Management Center

Timeline

PublishedFeb 3

Latest updateMay 17

Description

A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDcisco/secure_firewall_management_center6.1.0, 6.2.0+1

🔴Vulnerability Details

GHSA

GHSA-vm9g-p7f2-j795: A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prev↗2022-05-17

▶

CVEList

CVE-2017-3809: A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prev↗2017-02-03

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Incomplete Rule Set Vulnerability↗2017-02-01

▶