Details of VAR-201706-0556

ID

VAR-201706-0556

CVE

CVE-2017-6674

TITLE

Cisco FirePOWER System software feature-license Set on the device in the management function URL Vulnerabilities that bypass the filter

Trust: 0.8

sources: JVNDB: JVNDB-2017-004812

DESCRIPTION

A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvb16413. The vulnerability stems from the fact that URL filtering licenses can be disabled

Trust: 1.98

sources: NVD: CVE-2017-6674 // JVNDB: JVNDB-2017-004812 // BID: 98654 // VULHUB: VHN-114877

AFFECTED PRODUCTS

vendor:	cisco	model:	firesight system	scope:	eq	version:	6.1.0	Trust: 1.6
vendor:	cisco	model:	firesight system	scope:	eq	version:	6.2.0	Trust: 1.6
vendor:	cisco	model:	firesight system	scope:	eq	version:	6.2.1	Trust: 1.6
vendor:	cisco	model:	firesight system	scope:	eq	version:	6.0.1	Trust: 1.6
vendor:	cisco	model:	firesight system software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2	Trust: 0.3
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1	Trust: 0.3
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	83606.2.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	83606.2	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	83606.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	83606.0.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	82606.2.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	82606.2	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	82606.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	82606.0.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	81406.2.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	81406.2	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	81406.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	81406.0.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	81206.2.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	81206.2	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	81206.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	81206.0.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	70506.2.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	70506.2	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	70506.1	Trust: 0.3
vendor:	cisco	model:	firepower appliance	scope:	eq	version:	70506.0.1	Trust: 0.3
vendor:	cisco	model:	amp	scope:	eq	version:	81506.2.1	Trust: 0.3
vendor:	cisco	model:	amp	scope:	eq	version:	81506.2	Trust: 0.3
vendor:	cisco	model:	amp	scope:	eq	version:	81506.1	Trust: 0.3
vendor:	cisco	model:	amp	scope:	eq	version:	81506.0.1	Trust: 0.3
vendor:	cisco	model:	amp	scope:	eq	version:	71506.2.1	Trust: 0.3
vendor:	cisco	model:	amp	scope:	eq	version:	71506.2	Trust: 0.3
vendor:	cisco	model:	amp	scope:	eq	version:	71506.1	Trust: 0.3
vendor:	cisco	model:	amp	scope:	eq	version:	71506.0.1	Trust: 0.3
vendor:	cisco	model:	firepower management center	scope:	ne	version:	6.1.0.2	Trust: 0.3

sources: BID: 98654 // JVNDB: JVNDB-2017-004812 // CNNVD: CNNVD-201705-1279 // NVD: CVE-2017-6674

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6674
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6674
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201705-1279
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114877
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6674
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114877
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6674
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114877 // JVNDB: JVNDB-2017-004812 // CNNVD: CNNVD-201705-1279 // NVD: CVE-2017-6674

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-114877 // JVNDB: JVNDB-2017-004812 // NVD: CVE-2017-6674

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1279

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201705-1279

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004812

PATCH

title:	cisco-sa-20170524-fmc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc	Trust: 0.8
title:	Cisco Firepower System Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70594	Trust: 0.6

sources: JVNDB: JVNDB-2017-004812 // CNNVD: CNNVD-201705-1279

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6674	Trust: 2.8
db:	BID	id:	98654	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-004812	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-1279	Trust: 0.7
db:	VULHUB	id:	VHN-114877	Trust: 0.1

sources: VULHUB: VHN-114877 // BID: 98654 // JVNDB: JVNDB-2017-004812 // CNNVD: CNNVD-201705-1279 // NVD: CVE-2017-6674

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170524-fmc	Trust: 2.0
url:	http://www.securityfocus.com/bid/98654	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6674	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6674	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114877 // BID: 98654 // JVNDB: JVNDB-2017-004812 // CNNVD: CNNVD-201705-1279 // NVD: CVE-2017-6674

CREDITS

Cisco.

Trust: 0.9

sources: BID: 98654 // CNNVD: CNNVD-201705-1279

SOURCES

db:	VULHUB	id:	VHN-114877
db:	BID	id:	98654
db:	JVNDB	id:	JVNDB-2017-004812
db:	CNNVD	id:	CNNVD-201705-1279
db:	NVD	id:	CVE-2017-6674

LAST UPDATE DATE

2025-04-20T23:23:44.789000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114877	date:	2017-06-20T00:00:00
db:	BID	id:	98654	date:	2017-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-004812	date:	2017-07-07T00:00:00
db:	CNNVD	id:	CNNVD-201705-1279	date:	2017-05-26T00:00:00
db:	NVD	id:	CVE-2017-6674	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114877	date:	2017-06-13T00:00:00
db:	BID	id:	98654	date:	2017-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-004812	date:	2017-07-07T00:00:00
db:	CNNVD	id:	CNNVD-201705-1279	date:	2017-05-26T00:00:00
db:	NVD	id:	CVE-2017-6674	date:	2017-06-13T06:29:01.160