ID

VAR-202002-0697


CVE

CVE-2020-3169


TITLE

Cisco Firepower 4100 Series and Firepower 9300 Security Appliances FXOS Software Operating System Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-14808 // CNNVD: CNNVD-202002-1217

DESCRIPTION

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Cisco FXOS The software OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The Cisco Firepower 4100 Series and Cisco Firepower 9300 Security Appliance are both products of Cisco Corporation of the United States. The Cisco Firepower 9300 Security Appliance is a 9300 series security appliance. Cisco FXOS Software is a suite of firewall software that runs on Cisco security appliances. The Cisco Firepower 9300 Security Appliance is a 9300 series security appliance. The Cisco Firepower 4100 Series is a 4100 series firewall device

Trust: 2.16

sources: NVD: CVE-2020-3169 // JVNDB: JVNDB-2020-002252 // CNVD: CNVD-2020-14808

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14808

AFFECTED PRODUCTS

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.4.1.234

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.2

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.3.1.144

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.3

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.4

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.2.2.97

Trust: 1.0

vendor:ciscomodel:fx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower seriesscope:eqversion:4100

Trust: 0.6

vendor:ciscomodel:firepower security appliancesscope:eqversion:9300

Trust: 0.6

vendor:ciscomodel:fxosscope:eqversion:2.3.1.111

Trust: 0.6

vendor:ciscomodel:firepower 4110scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:firepower 4120scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:fxosscope:eqversion:2.4

Trust: 0.6

vendor:ciscomodel:fxosscope:eqversion:2.4.1.101

Trust: 0.6

vendor:ciscomodel:fxosscope:eqversion:2.3

Trust: 0.6

vendor:ciscomodel:firepower 4125scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:fxosscope:eqversion:2.2.2.91

Trust: 0.6

vendor:ciscomodel:fxosscope:eqversion:2.2

Trust: 0.6

vendor:ciscomodel:firepower 4115scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-14808 // JVNDB: JVNDB-2020-002252 // CNNVD: CNNVD-202002-1217 // NVD: CVE-2020-3169

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3169
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3169
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002252
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-14808
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-1217
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-3169
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002252
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-14808
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-3169
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3169
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002252
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14808 // JVNDB: JVNDB-2020-002252 // CNNVD: CNNVD-202002-1217 // NVD: CVE-2020-3169 // NVD: CVE-2020-3169

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2020-002252 // NVD: CVE-2020-3169

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-1217

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202002-1217

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002252

PATCH

title:cisco-sa-20200226-fpwr-cmdinjurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fpwr-cmdinj

Trust: 0.8

title:Patch for Cisco Firepower 4100 Series and Firepower 9300 Security Appliances FXOS Software Operating System Command Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/206243

Trust: 0.6

title:Cisco Firepower 4100 Series and Firepower 9300 Security Appliances FXOS Software Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110594

Trust: 0.6

sources: CNVD: CNVD-2020-14808 // JVNDB: JVNDB-2020-002252 // CNNVD: CNNVD-202002-1217

EXTERNAL IDS

db:NVDid:CVE-2020-3169

Trust: 3.0

db:JVNDBid:JVNDB-2020-002252

Trust: 0.8

db:CNVDid:CNVD-2020-14808

Trust: 0.6

db:NSFOCUSid:46037

Trust: 0.6

db:AUSCERTid:ESB-2020.0705.2

Trust: 0.6

db:AUSCERTid:ESB-2020.0705

Trust: 0.6

db:CNNVDid:CNNVD-202002-1217

Trust: 0.6

sources: CNVD: CNVD-2020-14808 // JVNDB: JVNDB-2020-002252 // CNNVD: CNNVD-202002-1217 // NVD: CVE-2020-3169

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-3169

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200226-fpwr-cmdinj

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3169

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46037

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0705/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0705.2/

Trust: 0.6

sources: CNVD: CNVD-2020-14808 // JVNDB: JVNDB-2020-002252 // CNNVD: CNNVD-202002-1217 // NVD: CVE-2020-3169

SOURCES

db:CNVDid:CNVD-2020-14808
db:JVNDBid:JVNDB-2020-002252
db:CNNVDid:CNNVD-202002-1217
db:NVDid:CVE-2020-3169

LAST UPDATE DATE

2024-08-14T14:19:06.183000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-14808date:2020-03-02T00:00:00
db:JVNDBid:JVNDB-2020-002252date:2020-03-09T00:00:00
db:CNNVDid:CNNVD-202002-1217date:2020-03-09T00:00:00
db:NVDid:CVE-2020-3169date:2023-04-20T15:27:48.130

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-14808date:2020-03-02T00:00:00
db:JVNDBid:JVNDB-2020-002252date:2020-03-09T00:00:00
db:CNNVDid:CNNVD-202002-1217date:2020-02-26T00:00:00
db:NVDid:CVE-2020-3169date:2020-02-26T17:15:13.047