CVE-2017-3870
MEDIUMCisco AsyncOS - Auth Bypass
Title source: llmDescription
A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010.
Scores
CVSS v3
5.8
EPSS
0.0025
EPSS Percentile
48.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Classification
CWE
CWE-119
Status
published
Affected Products (4)
cisco/web_security_appliance
cisco/web_security_appliance
cisco/web_security_appliance
n/a/Cisco Web Security Appliance
< Cisco Web Security Appliance
Timeline
Published
Mar 17, 2017
Tracked Since
Feb 18, 2026