CVE-2017-6632

HIGH

Cisco FirePOWER System Software 5.3.0-6.2.2 - Unauthenticated Denial of Service via Crafted TCP Packet Flood

Title source: llm

Description

A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/98523

Scores

CVSS v3 7.5

EPSS 0.0239

EPSS Percentile 81.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-399 CWE-400

Status published

Products (12)

cisco/firepower_threat_defense 5.3.0

cisco/firepower_threat_defense 5.4.0

cisco/firepower_threat_defense 6.0.0

cisco/firepower_threat_defense 6.0.1

cisco/firepower_threat_defense 6.0.1.3

cisco/firepower_threat_defense 6.1.0

cisco/firepower_threat_defense 6.1.0.2

cisco/firepower_threat_defense 6.2.0

cisco/firepower_threat_defense 6.2.1

cisco/firepower_threat_defense 6.2.2

... and 2 more

Published May 22, 2017

Tracked Since Feb 18, 2026