First published: Fri Feb 03 2017(Updated: )
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Secure Firewall Management Center | =5.3.0 | |
Cisco Secure Firewall Management Center | =5.4.0 | |
Cisco Secure Firewall Management Center | =6.0.0 | |
Cisco Secure Firewall Management Center | =6.0.1 | |
Cisco Secure Firewall Management Center | =6.1.0 | |
Cisco Firepower Management Center Software | =5.3.0 | |
Cisco Firepower Management Center Software | =5.4.0 | |
Cisco Firepower Management Center Software | =6.0.0 | |
Cisco Firepower Management Center Software | =6.0.1 | |
Cisco Firepower Management Center Software | =6.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-3814 is considered a high severity vulnerability that allows unauthenticated remote attackers to bypass URL filtering.
To fix CVE-2017-3814, upgrade to the latest version of Cisco Firepower System Software as specified in the advisory.
CVE-2017-3814 affects Cisco Secure Firewall Management Center and Cisco Firepower Management Center Software versions 5.3.0, 5.4.0, 6.0.0, 6.0.1, and 6.1.0.
CVE-2017-3814 cannot be exploited locally as it requires remote access and does not require authentication.
CVE-2017-3814 impacts the appliance's ability to block certain web content, effectively allowing attacks to bypass content filtering mechanisms.