CVE-2017-6674

HIGH

Cisco Firepower System Software 6.0.1-6.2.1 - Unauthenticated URL Filter Bypass via Feature-License Management

Title source: llm
STIX 2.1

Description

A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98654

Scores

CVSS v3 7.5
EPSS 0.0142
EPSS Percentile 69.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (5)
cisco/firesight_system 6.0.1
cisco/firesight_system 6.1.0
cisco/firesight_system 6.2.0
cisco/firesight_system 6.2.1
n/a/Cisco Firepower System Software Cisco Firepower System Software
Published Jun 13, 2017
Tracked Since Feb 18, 2026