CVE-2017-3870

{"id": "CVE-2017-3870", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2017-03-17T22:59:00.343", "references": [{"url": "http://www.securityfocus.com/bid/96907", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1038043", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010."}, {"lang": "es", "value": "Una vulnerabilidad en la caracter\u00edstica de filtrado de URL de Cisco AsyncOS Software para Cisco Web Security Appliance (WSA) podr\u00eda permitir a un atacante remoto no autenticado omitir una regla de filtro de URL configurada. Productos afectados: esta vulnerabilidad afecta a todas las versiones anteriores a la primera versi\u00f3n fija de Cisco AsyncOS Software para Cisco Web Security Appliance (WSA), tanto dispositivos virtuales como de hardware, que est\u00e1n configurados con filtros de URL para el an\u00e1lisis de correo electr\u00f3nico. M\u00e1s informaci\u00f3n: CSCvc69700. Lanzamientos afectados conocidos: 8.5.3-069 9.1.1-074 9.1.2-010."}], "lastModified": "2017-07-12T01:29:16.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.5.3-069:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77DFD74F-F90B-43C9-B1E6-B9727E395540"}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.1.1-074:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35F4D6C1-3493-400B-AAE8-E2C00AE53BE2"}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.1.2-010:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A74AFB73-5414-49C8-8209-9392E5406806"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}