5.9

CVE-2017-3887

EPSS 0.56%
Published 07.04.2017 17:59:00
Last modified 20.04.2025 01:37:25
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Firepower Threat Defense Version6.0.1

Cisco ≫ Firepower Threat Defense Version6.1.0

Cisco ≫ Firepower Threat Defense Version6.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.56%	0.655

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

http://www.securityfocus.com/bid/97453

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-3887

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3887

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3887

EUVD