CVE-2017-3814 — Improper Input Validation in Cisco Secure Firewall Management Center

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.2%

top 52.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Management Center

Timeline

PublishedFeb 3

Latest updateMay 17

Description

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDcisco/secure_firewall_management_center5 versions+4

🔴Vulnerability Details

GHSA

GHSA-6jr8-8wm2-r335: A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to bl↗2022-05-17

▶

CVEList

CVE-2017-3814: A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to bl↗2017-02-03

▶

📋Vendor Advisories

Cisco

Cisco Firepower URL Bypass Vulnerability↗2017-02-01

▶