Vulnerability Details : CVE-2017-12303
A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943.
Products affected by CVE-2017-12303
- cpe:2.3:o:cisco:asyncos:10.1.1-234:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:asyncos:10.1.1-235:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12303
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-12303
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2017-12303
-
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2017-12303
-
http://www.securitytracker.com/id/1039828
Cisco Web Security Appliance File Hashing Error Lets Remote Users Bypass Advanced Malware Protection on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa
Cisco Web Security Appliance Advanced Malware Protection File Bypass VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/101932
Cisco Web Security Appliance CVE-2017-12303 Remote Security Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to