HomePentest-Tools.com Logo

Cisco Firepower URL Bypass Vulnerability CVE-2017-3814

Severity
CVSSv3 Score
5.8
Vulnerability description

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliances ability to block certain web content.

Risk description

The vulnerability is due to insufficient input validation checks within the systems access control rule criteria. An attacker could exploit this vulnerability by adding malicious text to the end of a URL string. An exploit could allow the attacker to bypass configured blocked websites.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 3, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available