PT-2017-17235 · Cisco · Cisco Firepower System

Publicado

2017-06-13

Atualizado

2017-06-20

CVE-2017-6674

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Cisco Firepower System Software versions 6.0.1 through 6.2.1

Description A vulnerability in the feature-license management functionality could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device.

Recommendations For version 6.0.1, update to version 6.1.0.2 or later. For version 6.1.0, update to version 6.1.0.2 or later. For version 6.2.0, update to version 6.2.0.1 or later. For version 6.2.1, update to a later version, as 6.2.1 is also listed as a fixed release, implying that only specific builds or configurations of 6.2.1 are vulnerable.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2017-6674

Produtos afetados

Cisco Firepower System

PT-2017-17235 · Cisco · Cisco Firepower System

CVE-2017-6674

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4