CVE-2017-3822

MEDIUM

Cisco Firepower Threat Defense 6.1.x - Unauthenticated Arbitrary Audit Log Entry via Logging Subsystem

Title source: llm
STIX 2.1

Description

A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037775
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95944

Scores

CVSS v3 5.3
EPSS 0.0148
EPSS Percentile 70.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-20
Status published
Products (2)
cisco/firepower_threat_defense 6.1.0
n/a/Cisco Firepower Threat Defense Software versions 6.1.x Cisco Firepower Threat Defense Software versions 6.1.x
Published Feb 03, 2017
Tracked Since Feb 18, 2026