5.9

CVE-2017-3887

EPSS 0.56%
Veröffentlicht 07.04.2017 17:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Firepower Threat Defense Version6.0.1

Cisco ≫ Firepower Threat Defense Version6.1.0

Cisco ≫ Firepower Threat Defense Version6.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.655

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

http://www.securityfocus.com/bid/97453

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-3887

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3887

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3887

EUVD