VAR-201702-0785
Vulnerability from variot - Updated: 2025-04-20 23:25A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0. This vulnerability "URL Bypass" It is called. Vendors have confirmed this vulnerability Bug ID CSCvb93980 It is released as.By a remote attacker Web Content blocking may be avoided. Cisco Firepower System Software is a next-generation firewall product (NGFW) from Cisco. A remote attacker can exploit the vulnerability by bypassing security restrictions by adding malicious text to the end of the URL string to perform unauthorized operations. This issue is being tracked by Cisco Bug IDCSCvb93980
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0785",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower management center",
"scope": "eq",
"trust": 1.4,
"vendor": "cisco",
"version": "5.3.0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 1.4,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 1.4,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 1.4,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 1.4,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firepower system software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "firepower system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "BID",
"id": "95942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "95942"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3814",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3814",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-01166",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-112017",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-3814",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3814",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-3814",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-01166",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-017",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-112017",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "VULHUB",
"id": "VHN-112017"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance\u0027s ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0. This vulnerability \"URL Bypass\" It is called. Vendors have confirmed this vulnerability Bug ID CSCvb93980 It is released as.By a remote attacker Web Content blocking may be avoided. Cisco Firepower System Software is a next-generation firewall product (NGFW) from Cisco. A remote attacker can exploit the vulnerability by bypassing security restrictions by adding malicious text to the end of the URL string to perform unauthorized operations. \nThis issue is being tracked by Cisco Bug IDCSCvb93980",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3814"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "BID",
"id": "95942"
},
{
"db": "VULHUB",
"id": "VHN-112017"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3814",
"trust": 3.4
},
{
"db": "BID",
"id": "95942",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-01166",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-112017",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "VULHUB",
"id": "VHN-112017"
},
{
"db": "BID",
"id": "95942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
}
]
},
"id": "VAR-201702-0785",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "VULHUB",
"id": "VHN-112017"
}
],
"trust": 1.26578946
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
}
]
},
"last_update_date": "2025-04-20T23:25:06.942000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170201-fpw1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw1"
},
{
"title": "Cisco Firepower System Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67407"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112017"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-fpw1"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/95942"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3814"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3814"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-fpw1 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "VULHUB",
"id": "VHN-112017"
},
{
"db": "BID",
"id": "95942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"db": "VULHUB",
"id": "VHN-112017"
},
{
"db": "BID",
"id": "95942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
},
{
"db": "NVD",
"id": "CVE-2017-3814"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"date": "2017-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-112017"
},
{
"date": "2017-02-01T00:00:00",
"db": "BID",
"id": "95942"
},
{
"date": "2017-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"date": "2017-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-017"
},
{
"date": "2017-02-03T07:59:00.780000",
"db": "NVD",
"id": "CVE-2017-3814"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01166"
},
{
"date": "2017-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-112017"
},
{
"date": "2017-02-02T07:05:00",
"db": "BID",
"id": "95942"
},
{
"date": "2017-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001474"
},
{
"date": "2017-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-017"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-3814"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower System Software Specific in Web Vulnerability that bypasses content blocking",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001474"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-017"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…