CVE-2017-6674 - Vulnerability Details - OpenCVE

A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Firesight System

Configuration 1 [-]

OR	cpe:2.3:a:cisco:firesight_system:6.0.1:::::::*
	cpe:2.3:a:cisco:firesight_system:6.1.0:::::::*
	cpe:2.3:a:cisco:firesight_system:6.2.0:::::::*
	cpe:2.3:a:cisco:firesight_system:6.2.1:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/98654
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2017-06-13T06:00:00

Updated: 2024-08-05T15:33:20.448Z

Reserved: 2017-03-09T00:00:00

Link: CVE-2017-6674

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-06-13T06:29:01.160

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-6674

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Firepower System Software", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Firepower System Software"}]}], "datePublic": "2017-06-13T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2."}], "problemTypes": [{"descriptions": [{"description": "URL Filtering Bypass Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-13T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "98654", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98654"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6674", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Firepower System Software", "version": {"version_data": [{"version_value": "Cisco Firepower System Software"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "URL Filtering Bypass Vulnerability"}]}]}, "references": {"reference_data": [{"name": "98654", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98654"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:33:20.448Z"}, "title": "CVE Program Container", "references": [{"name": "98654", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98654"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6674", "datePublished": "2017-06-13T06:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-08-05T15:33:20.448Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firesight_system:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDBF4E81-9679-480C-8DF8-5F6AEA96943B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firesight_system:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9C0DE8D-EE79-4B22-8880-8D4631858C6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firesight_system:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "389120A8-415E-4BBB-AFB6-C1283A7BD13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firesight_system:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "75531FCE-08FA-44F9-9E0F-574A3EB1A10E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de administraci\u00f3n de licencias de Cisco Firepower System Software podr\u00eda permitir a un atacante remoto no autenticado omitir los filtros de URL que se hayan configurado para un dispositivo afectado. M\u00e1s informaci\u00f3n: CSCvb16413. Versiones afectadas conocidas: 6.0.1, 6.1.0, 6.2.0 y 6.2.1. Versiones solucionadas conocidas: 6.2.1, 6.2.0.1 y 6.1.0.2."}], "id": "CVE-2017-6674", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-13T06:29:01.160", "references": [{"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98654"}, {"source": "psirt@cisco.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98654"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}