CVE-2017-6674
HIGHCisco Firepower System Software 6.0.1-6.2.1 - Unauthenticated URL Filter Bypass via Feature-License Management
Title source: llmDescription
A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98654
Mitigation, Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc
Scores
CVSS v3
7.5
EPSS
0.0142
EPSS Percentile
69.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (5)
cisco/firesight_system
6.0.1
cisco/firesight_system
6.1.0
cisco/firesight_system
6.2.0
cisco/firesight_system
6.2.1
n/a/Cisco Firepower System Software
Cisco Firepower System Software
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026