CVE-2017-3870 - OpenCVE

A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Web Security Appliance

Configuration 1 [-]

OR	cpe:2.3:a:cisco:web_security_appliance:8.5.3-069:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.1-074:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.2-010:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/96907	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038043
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2017-03-17T22:00:00

Updated: 2017-07-11T09:57:01

Reserved: 2016-12-21T00:00:00

Link: CVE-2017-3870

JSON object: View

NVD Information

Status : Modified

Published: 2017-03-17T22:59:00.343

Modified: 2017-07-12T01:29:16.737

Link: CVE-2017-3870

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "Cisco Web Security Appliance", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Web Security Appliance"}]}], "datePublic": "2017-03-17T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010."}], "problemTypes": [{"descriptions": [{"description": "URL Filtering Bypass Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa"}, {"name": "96907", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96907"}, {"name": "1038043", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038043"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-3870", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Web Security Appliance", "version": {"version_data": [{"version_value": "Cisco Web Security Appliance"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "URL Filtering Bypass Vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa"}, {"name": "96907", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96907"}, {"name": "1038043", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038043"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-3870", "datePublished": "2017-03-17T22:00:00", "dateReserved": "2016-12-21T00:00:00", "dateUpdated": "2017-07-11T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.5.3-069:*:*:*:*:*:*:*", "matchCriteriaId": "77DFD74F-F90B-43C9-B1E6-B9727E395540", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.1.1-074:*:*:*:*:*:*:*", "matchCriteriaId": "35F4D6C1-3493-400B-AAE8-E2C00AE53BE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.1.2-010:*:*:*:*:*:*:*", "matchCriteriaId": "A74AFB73-5414-49C8-8209-9392E5406806", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010."}, {"lang": "es", "value": "Una vulnerabilidad en la caracter\u00edstica de filtrado de URL de Cisco AsyncOS Software para Cisco Web Security Appliance (WSA) podr\u00eda permitir a un atacante remoto no autenticado omitir una regla de filtro de URL configurada. Productos afectados: esta vulnerabilidad afecta a todas las versiones anteriores a la primera versi\u00f3n fija de Cisco AsyncOS Software para Cisco Web Security Appliance (WSA), tanto dispositivos virtuales como de hardware, que est\u00e1n configurados con filtros de URL para el an\u00e1lisis de correo electr\u00f3nico. M\u00e1s informaci\u00f3n: CSCvc69700. Lanzamientos afectados conocidos: 8.5.3-069 9.1.1-074 9.1.2-010."}], "id": "CVE-2017-3870", "lastModified": "2017-07-12T01:29:16.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-17T22:59:00.343", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96907"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1038043"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}