CVE-2017-3867

MEDIUM

Cisco Adaptive Security Appliance Software - Unauthenticated Access Control Bypass via BGP BFD Implementation

Title source: llm

Description

A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. More Information: CSCvc68229. Known Affected Releases: 9.6(2). Known Fixed Releases: 99.1(20.1) 99.1(10.2) 98.1(12.7) 98.1(1.49) 97.1(6.58) 97.1(0.134) 96.2(0.109) 9.7(1.1) 9.6(2.99) 9.6(2.8).

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96926

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038051

Mitigation, Vendor Advisory x_refsource_confirm

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asa

Scores

CVSS v3 5.3

EPSS 0.0143

EPSS Percentile 69.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-287

Status published

Products (10)

cisco/adaptive_security_appliance_software 6.3.1

cisco/adaptive_security_appliance_software 9.6.2

cisco/adaptive_security_appliance_software 9.6.2.1

cisco/adaptive_security_appliance_software 9.6.2.2

cisco/adaptive_security_appliance_software 9.6.2.3

cisco/adaptive_security_appliance_software 9.6.2.7

cisco/adaptive_security_appliance_software 9.6.2.8

cisco/adaptive_security_appliance_software 9.6.2.9

cisco/adaptive_security_appliance_software 9.6.3

n/a/Cisco Adaptive Security Appliance Cisco Adaptive Security Appliance

Published Mar 17, 2017

Tracked Since Feb 18, 2026