Cisco Firepower URL Bypass Vulnerability CVE-2017-3814
- CVSSv3 Score
- Vulnerability description
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliances ability to block certain web content.
- Risk description
The vulnerability is due to insufficient input validation checks within the systems access control rule criteria. An attacker could exploit this vulnerability by adding malicious text to the end of a URL string. An exploit could allow the attacker to bypass configured blocked websites.
See the referenced vendor advisory for a solution.
- Not available