What is the severity of CVE-2017-6766?

CVE-2017-6766 has been assigned a high severity rating due to its potential to allow unauthorized access.

How do I fix CVE-2017-6766?

To fix CVE-2017-6766, upgrade your Cisco Firepower System Software to a version that is not affected by this vulnerability.

What versions are affected by CVE-2017-6766?

CVE-2017-6766 affects Cisco Firepower System Software versions 5.4.0 through 6.2.2.

What type of attack can exploit CVE-2017-6766?

CVE-2017-6766 can be exploited by unauthenticated, remote attackers to bypass SSL decryption and inspection policies.

Is there a workaround for CVE-2017-6766?

There are no widely recommended workarounds for CVE-2017-6766 aside from upgrading to a patched version.

Vulnerability/
CVE-2017-6766

high

7.5

CWE

310

7/8/2017

5/8/2024

CVE-2017-6766

First published: Mon Aug 07 2017(Updated: )

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firesight System	=5.4.0
Cisco Firesight System	=5.4.1
Cisco Firesight System	=6.0.0
Cisco Firesight System	=6.1.0
Cisco Firesight System	=6.2.0
Cisco Firesight System	=6.2.1
Cisco Firesight System	=6.2.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6766?
CVE-2017-6766 has been assigned a high severity rating due to its potential to allow unauthorized access.
How do I fix CVE-2017-6766?
To fix CVE-2017-6766, upgrade your Cisco Firepower System Software to a version that is not affected by this vulnerability.
What versions are affected by CVE-2017-6766?
CVE-2017-6766 affects Cisco Firepower System Software versions 5.4.0 through 6.2.2.
What type of attack can exploit CVE-2017-6766?
CVE-2017-6766 can be exploited by unauthenticated, remote attackers to bypass SSL decryption and inspection policies.
Is there a workaround for CVE-2017-6766?
There are no widely recommended workarounds for CVE-2017-6766 aside from upgrading to a patched version.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/author
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco firesight system
version/cisco firesight system/5.4.0
version/cisco firesight system/5.4.1
version/cisco firesight system/6.0.0
version/cisco firesight system/6.1.0
version/cisco firesight system/6.2.0
version/cisco firesight system/6.2.1
version/cisco firesight system/6.2.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.