CVE-2017-3822
MEDIUMCisco Firepower Threat Defense 6.1.x - Unauthenticated Arbitrary Audit Log Entry via Logging Subsystem
Title source: llmDescription
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037775
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95944
Scores
CVSS v3
5.3
EPSS
0.0148
EPSS Percentile
70.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (2)
cisco/firepower_threat_defense
6.1.0
n/a/Cisco Firepower Threat Defense Software versions 6.1.x
Cisco Firepower Threat Defense Software versions 6.1.x
Published
Feb 03, 2017
Tracked Since
Feb 18, 2026