Vulnerability Name:

CVE-2017-3885 (CCN-124167)

Assigned:2016-12-21
Published:2017-04-05
Updated:2019-10-03
Summary:A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1.
CVSS v3 Severity:5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
6.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H)
5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-400
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2017-3885

Source: BID
Type: Third Party Advisory, VDB Entry
97451

Source: CCN
Type: BID-97451
Cisco Firepower System Software CVE-2017-3885 Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
cisco-cve20173885-dos(124167)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20170405-cfpw
Cisco Firepower Detection Engine SSL Denial of Service Vulnerability

Source: CONFIRM
Type: Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:firepower_management_center:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_management_center:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_management_center:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_management_center:6.2.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cisco:firepower_system_software:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_system_software:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_system_software:6.2.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco firepower management center 6.0.0
    cisco firepower management center 6.1.0
    cisco firepower management center 6.2.0
    cisco firepower management center 6.2.1
    cisco firepower system software 6.1.0
    cisco firepower system software 6.2.0
    cisco firepower system software 6.2.1