CVE-2017-6632

high Cisco
CVSS v3 Base Score
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
1.4%
Exploitation probability in 30 days
Top 20% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: May 22, 2017 (3279 days ago)
Last Modified: May 13, 2026
Vendor: Cisco
Source: NVD

Description

A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072.

CWE

CWE-399

Affected Products

cisco firepower threat defense

References

🔗 www.securityfocus.com 🔗 tools.cisco.com 🔗 www.securityfocus.com 🔗 tools.cisco.com