ID

VAR-202005-0684


CVE

CVE-2020-3186


TITLE

Cisco Firepower Threat Defense Input verification vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-005186

DESCRIPTION

A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. The vulnerability is due to the configuration of different management access lists, with ports allowed in one access list and denied in another. An attacker could exploit this vulnerability by sending crafted remote management traffic to the local IP address of an affected system. A successful exploit could allow the attacker to bypass the configured management access list policies, and traffic to the management interface would not be properly denied. Cisco Firepower Threat Defense (FTD) The software contains an input verification vulnerability.Information may be tampered with. Cisco FTD versions 6.3.0, 6.4.0, and 6.5.0 have an access control error vulnerability. is prohibited

Trust: 1.8

sources: NVD: CVE-2020-3186 // JVNDB: JVNDB-2020-005186 // VULHUB: VHN-181311 // VULMON: CVE-2020-3186

AFFECTED PRODUCTS

vendor:ciscomodel:asa 5540scope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:asa 5580scope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:asa 5525-xscope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:asa 5585-xscope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:asa 5520scope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:asa 5555-xscope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.4.0

Trust: 1.0

vendor:ciscomodel:asa 5515-xscope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:asa 5510scope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:asa 5505scope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.5.0

Trust: 1.0

vendor:ciscomodel:asa 5540scope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:asa 5580scope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:asa 5545-xscope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:asa 5512-xscope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:asa 5525-xscope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:asa 5550scope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.5.0.2

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.4.0.7

Trust: 1.0

vendor:ciscomodel:asa 5585-xscope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.3.0.6

Trust: 1.0

vendor:ciscomodel:asa 5555-xscope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:asa 5505scope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:asa 5515-xscope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:asa 5510scope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:asa 5512-xscope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:asa 5520scope:eqversion:201.5\(23.16\)

Trust: 1.0

vendor:ciscomodel:asa 5550scope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.3.0

Trust: 1.0

vendor:ciscomodel:asa 5545-xscope:eqversion:9.12\(1.6\)

Trust: 1.0

vendor:ciscomodel:asa 5505scope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5510scope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5512-xscope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5515-xscope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5520scope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5525-xscope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5540scope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5545-xscope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5550scope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defensescope:eqversion:6.3.0

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.3.0.1

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.3.0.2

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.3.0.3

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.3.0.4

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.3.0.5

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.4.0

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.4.0.1

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.4.0.2

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.4.0.3

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.4.0.4

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.4.0.5

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.4.0.6

Trust: 0.1

vendor:ciscomodel:firepower threat defensescope:eqversion:6.5.0

Trust: 0.1

vendor:ciscomodel:asa 5505scope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5505scope:eqversion:201.5(23.16)

Trust: 0.1

vendor:ciscomodel:asa 5510scope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5510scope:eqversion:201.5(23.16)

Trust: 0.1

vendor:ciscomodel:asa 5512-xscope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5512-xscope:eqversion:201.5(23.16)

Trust: 0.1

vendor:ciscomodel:asa 5515-xscope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5515-xscope:eqversion:201.5(23.16)

Trust: 0.1

vendor:ciscomodel:asa 5520scope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5520scope:eqversion:201.5(23.16)

Trust: 0.1

vendor:ciscomodel:asa 5525-xscope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5525-xscope:eqversion:201.5(23.16)

Trust: 0.1

vendor:ciscomodel:asa 5540scope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5540scope:eqversion:201.5(23.16)

Trust: 0.1

vendor:ciscomodel:asa 5545-xscope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5545-xscope:eqversion:201.5(23.16)

Trust: 0.1

vendor:ciscomodel:asa 5550scope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5550scope:eqversion:201.5(23.16)

Trust: 0.1

vendor:ciscomodel:asa 5555-xscope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5555-xscope:eqversion:201.5(23.16)

Trust: 0.1

vendor:ciscomodel:asa 5580scope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5580scope:eqversion:201.5(23.16)

Trust: 0.1

vendor:ciscomodel:asa 5585-xscope:eqversion:9.12(1.6)

Trust: 0.1

vendor:ciscomodel:asa 5585-xscope:eqversion:201.5(23.16)

Trust: 0.1

sources: VULMON: CVE-2020-3186 // JVNDB: JVNDB-2020-005186 // NVD: CVE-2020-3186

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3186
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3186
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005186
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-199
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181311
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3186
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3186
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005186
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181311
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3186
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3186
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-005186
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181311 // VULMON: CVE-2020-3186 // JVNDB: JVNDB-2020-005186 // CNNVD: CNNVD-202005-199 // NVD: CVE-2020-3186 // NVD: CVE-2020-3186

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-181311 // JVNDB: JVNDB-2020-005186 // NVD: CVE-2020-3186

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-199

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202005-199

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005186

PATCH

title:cisco-sa-ftd-accesslist-bypass-5dZs5qZpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-accesslist-bypass-5dZs5qZp

Trust: 0.8

title:Cisco Firepower Threat Defense Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118789

Trust: 0.6

title:Cisco: Cisco Firepower Threat Defense Software Management Access List Bypass Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ftd-accesslist-bypass-5dZs5qZp

Trust: 0.1

sources: VULMON: CVE-2020-3186 // JVNDB: JVNDB-2020-005186 // CNNVD: CNNVD-202005-199

EXTERNAL IDS

db:NVDid:CVE-2020-3186

Trust: 2.6

db:JVNDBid:JVNDB-2020-005186

Trust: 0.8

db:CNNVDid:CNNVD-202005-199

Trust: 0.7

db:AUSCERTid:ESB-2020.1614

Trust: 0.6

db:AUSCERTid:ESB-2020.1614.2

Trust: 0.6

db:VULHUBid:VHN-181311

Trust: 0.1

db:VULMONid:CVE-2020-3186

Trust: 0.1

sources: VULHUB: VHN-181311 // VULMON: CVE-2020-3186 // JVNDB: JVNDB-2020-005186 // CNNVD: CNNVD-202005-199 // NVD: CVE-2020-3186

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-accesslist-bypass-5dzs5qzp

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-3186

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3186

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1614/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1614.2/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181517

Trust: 0.1

sources: VULHUB: VHN-181311 // VULMON: CVE-2020-3186 // JVNDB: JVNDB-2020-005186 // CNNVD: CNNVD-202005-199 // NVD: CVE-2020-3186

SOURCES

db:VULHUBid:VHN-181311
db:VULMONid:CVE-2020-3186
db:JVNDBid:JVNDB-2020-005186
db:CNNVDid:CNNVD-202005-199
db:NVDid:CVE-2020-3186

LAST UPDATE DATE

2024-08-14T14:03:47.295000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181311date:2021-08-12T00:00:00
db:VULMONid:CVE-2020-3186date:2020-05-12T00:00:00
db:JVNDBid:JVNDB-2020-005186date:2020-06-09T00:00:00
db:CNNVDid:CNNVD-202005-199date:2020-05-15T00:00:00
db:NVDid:CVE-2020-3186date:2021-08-12T18:19:01.017

SOURCES RELEASE DATE

db:VULHUBid:VHN-181311date:2020-05-06T00:00:00
db:VULMONid:CVE-2020-3186date:2020-05-06T00:00:00
db:JVNDBid:JVNDB-2020-005186date:2020-06-09T00:00:00
db:CNNVDid:CNNVD-202005-199date:2020-05-06T00:00:00
db:NVDid:CVE-2020-3186date:2020-05-06T17:15:12.010