CVE-2017-3809 - OpenCVE

A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Firepower Management Center

Configuration 1 [-]

OR	cpe:2.3:a:cisco:firepower_management_center:6.1.0:::::::*
	cpe:2.3:a:cisco:firepower_management_center:6.2.0:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/95941
http://www.securitytracker.com/id/1037776
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2017-02-03T07:24:00

Updated: 2024-08-05T14:39:40.560Z

Reserved: 2016-12-21T00:00:00

Link: CVE-2017-3809

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-02-03T07:59:00.687

Modified: 2017-07-25T01:29:08.467

Link: CVE-2017-3809

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Firepower Management Center (FMC) 6.1.0 6.2.0", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Firepower Management Center (FMC) 6.1.0 6.2.0"}]}], "datePublic": "2017-02-02T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0."}], "problemTypes": [{"descriptions": [{"description": "prevent deployment of a complete and accurate rule base", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-24T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1037776", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037776"}, {"name": "95941", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95941"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-3809", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Firepower Management Center (FMC) 6.1.0 6.2.0", "version": {"version_data": [{"version_value": "Cisco Firepower Management Center (FMC) 6.1.0 6.2.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "prevent deployment of a complete and accurate rule base"}]}]}, "references": {"reference_data": [{"name": "1037776", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037776"}, {"name": "95941", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95941"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:40.560Z"}, "title": "CVE Program Container", "references": [{"name": "1037776", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037776"}, {"name": "95941", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95941"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-3809", "datePublished": "2017-02-03T07:24:00", "dateReserved": "2016-12-21T00:00:00", "dateUpdated": "2024-08-05T14:39:40.560Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AC1B12A-A2EC-4C24-AEBC-944AE2939458", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9641FE9B-BC9F-472F-B53B-F4287EE2F17A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0."}, {"lang": "es", "value": "Una vulnerabilidad en el m\u00f3dulo de implementaci\u00f3n de Pol\u00edticas de Cisco Firepower Management Center (FMC) podr\u00eda permitir que un atacante remoto no autenticado prevenga el despliegue de una base de reglas completa y precisa. M\u00e1s informaci\u00f3n: CSCvb95281. Lanzamientos Afectados Conocidos: 6.1.0 6.2.0. Lanzamientos Reparados Conocidos: 6.1.0.1 6.2.0."}], "id": "CVE-2017-3809", "lastModified": "2017-07-25T01:29:08.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-03T07:59:00.687", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95941"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1037776"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}