Vulnerability Name:

CVE-2007-5571 (CCN-37258)

Assigned: 2007-10-17
Published: 2007-10-17
Updated: 2019-08-01
Summary: Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2007-5571

Source: CCN
Type: SA27236
Cisco FWSM HTTPS/MGCP Packet Processing Denial of Service

Source: SECUNIA
Type: Third Party Advisory
27236

Source: CCN
Type: SECTRACK ID: 1018825
Cisco Firewall Service Module HTTPS and MGCP Processing Bugs Let Remote Users Deny Service

Source: CISCO
Type: Vendor Advisory
20071017 Multiple Vulnerabilities in Firewall Services Module

Source: CCN
Type: cisco-sa-20071017-fwsm
Multiple Vulnerabilities in Firewall Services Module

Source: CCN
Type: OSVDB ID: 37946
Cisco Firewall Services Module (FWSM) ACL Manipulation Unspecified Corruption

Source: BID
Type: Third Party Advisory, VDB Entry
26109

Source: CCN
Type: BID-26109
Cisco Firewall Services Module Multiple DoS and ACL Corruption Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1018825

Source: VUPEN
Type: Permissions Required
ADV-2007-3530

Source: XF
Type: Third Party Advisory, VDB Entry
cisco-fwsm-ace-security-bypass(37258)

Source: XF
Type: UNKNOWN
cisco-fwsm-ace-security-bypass(37258)

Vulnerable Configuration: Configuration 1:
  • cpe:/h:cisco:firewall_services_module:*:*:*:*:*:*:*:* (Version >= 3.1 and <= 3.1(6))
  • OR cpe:/h:cisco:firewall_services_module:*:*:*:*:*:*:*:* (Version >= 3.2 and <= 3.2(2))

Configuration CCN 1:
  • cpe:/h:cisco:firewall_services_module:3.2(1):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firewall_services_module:3.1(5):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firewall_services_module:3.1(6):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firewall_services_module:3.2(2):*:*:*:*:*:*:*

* Denotes that component is vulnerable
    cisco firewall services module *
    cisco firewall services module *
    cisco firewall services module 3.2(1)
    cisco firewall services module 3.1(5)
    cisco firewall services module 3.1(6)
    cisco firewall services module 3.2(2)