CVE-2017-6625

high

Published 2017-05-03 · Modified 2026-05-13

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

7.1

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.1

Description

A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361.

Predictions

Exploit likelihood

80%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions
cisco	firepower_threat_defense	`6.0.0`
cisco	firepower_threat_defense	`6.0.1`
cisco	firepower_threat_defense	`6.1.0`
cisco	firepower_threat_defense	`6.1.0.2`
cisco	firepower_threat_defense	`6.2.0`
cisco	firepower_threat_defense	`6.2.1`
cisco	firepower_threat_defense	`6.2.2`

References

CWEs

CWE-399

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.