var-201702-0785
Vulnerability from variot
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0. This vulnerability "URL Bypass" It is called. Vendors have confirmed this vulnerability Bug ID CSCvb93980 It is released as.By a remote attacker Web Content blocking may be avoided. Cisco Firepower System Software is a next-generation firewall product (NGFW) from Cisco. A remote attacker can exploit the vulnerability by bypassing security restrictions by adding malicious text to the end of the URL string to perform unauthorized operations. This issue is being tracked by Cisco Bug IDCSCvb93980
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0785",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower management center",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "5.3.0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower system software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "firepower system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "BID",
"id": "95942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3814"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "95942"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3814",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-3814",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-01166",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-112017",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-3814",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3814",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-01166",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-017",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-112017",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "VULHUB",
"id": "VHN-112017"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance\u0027s ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0. This vulnerability \"URL Bypass\" It is called. Vendors have confirmed this vulnerability Bug ID CSCvb93980 It is released as.By a remote attacker Web Content blocking may be avoided. Cisco Firepower System Software is a next-generation firewall product (NGFW) from Cisco. A remote attacker can exploit the vulnerability by bypassing security restrictions by adding malicious text to the end of the URL string to perform unauthorized operations. \nThis issue is being tracked by Cisco Bug IDCSCvb93980",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3814"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "BID",
"id": "95942"
},
{
"db": "VULHUB",
"id": "VHN-112017"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3814",
"trust": 3.4
},
{
"db": "BID",
"id": "95942",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-01166",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-112017",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "VULHUB",
"id": "VHN-112017"
},
{
"db": "BID",
"id": "95942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
]
},
"id": "VAR-201702-0785",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "VULHUB",
"id": "VHN-112017"
}
],
"trust": 1.2369458
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
}
]
},
"last_update_date": "2023-12-18T14:05:51.174000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170201-fpw1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-fpw1"
},
{
"title": "Cisco Firepower System Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67407"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112017"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-fpw1"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/95942"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3814"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3814"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-fpw1 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "VULHUB",
"id": "VHN-112017"
},
{
"db": "BID",
"id": "95942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "VULHUB",
"id": "VHN-112017"
},
{
"db": "BID",
"id": "95942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"date": "2017-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-112017"
},
{
"date": "2017-02-01T00:00:00",
"db": "BID",
"id": "95942"
},
{
"date": "2017-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"date": "2017-02-03T07:59:00.780000",
"db": "NVD",
"id": "CVE-2017-3814"
},
{
"date": "2017-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"date": "2017-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-112017"
},
{
"date": "2017-02-02T07:05:00",
"db": "BID",
"id": "95942"
},
{
"date": "2017-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"date": "2017-02-09T21:41:31.097000",
"db": "NVD",
"id": "CVE-2017-3814"
},
{
"date": "2017-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower System Software Specific in Web Vulnerability that bypasses content blocking",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.