Details of VAR-202005-0703

ID

VAR-202005-0703

CVE

CVE-2020-3302

TITLE

Cisco Firepower Management Center Input verification vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-005202

DESCRIPTION

A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to overwrite files on the file system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted file to the web UI on an affected device. A successful exploit could allow the attacker to overwrite files on the file system of the affected device

Trust: 1.8

sources: NVD: CVE-2020-3302 // JVNDB: JVNDB-2020-005202 // VULHUB: VHN-181427 // VULMON: CVE-2020-3302

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	lt	version:	6.2.2.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.0.3	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.1.0	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.1.1	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.2.0	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.3.0	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.8	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.9	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.10	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.11	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.1	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.2	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.3	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.4	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.5	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.6	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.7	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.8	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.9	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.12	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.13	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.14	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.15	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.13	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.13.1	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.13.2	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.13.3	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.13.4	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.13.5	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.13.6	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.14.0	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.14.2	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.14.3	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.14.4	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.14.5	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.15	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.16	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	3.0.0	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	4.10.3.9	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.0.0	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3.0.2	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3.0.3	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3.0.4	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3.1.3	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3.1.4	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3.1.5	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3.1.6	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3 base	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.0	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.0.2	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.1	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.1.1	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.1.2	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.1.3	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.1.4	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.1.5	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.1.6	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4 base	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.0	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.0.1	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.1	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.1.1	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.1.2	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.1.3	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.1.4	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0 base	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.1	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.2	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.3	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.4	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.5	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.6	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.7	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.1	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.2	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.3	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.4	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.5	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.6	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.1	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.2	Trust: 0.1
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.2.1	Trust: 0.1

sources: VULMON: CVE-2020-3302 // JVNDB: JVNDB-2020-005202 // NVD: CVE-2020-3302

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3302
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3302
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-005202
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202005-227
value:	HIGH
Trust: 0.6
VULHUB:	VHN-181427
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-3302
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3302
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005202
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181427
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3302
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3302
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.2
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-005202
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181427 // VULMON: CVE-2020-3302 // JVNDB: JVNDB-2020-005202 // CNNVD: CNNVD-202005-227 // NVD: CVE-2020-3302 // NVD: CVE-2020-3302

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-181427 // JVNDB: JVNDB-2020-005202 // NVD: CVE-2020-3302

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-227

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-227

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005202

PATCH

title:	cisco-sa-fmcai-z5dQObVN	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcai-z5dQObVN	Trust: 0.8
title:	Cisco Firepower Management Center Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118618	Trust: 0.6
title:	Cisco: Cisco Firepower Management Center File Overwrite Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-fmcai-z5dQObVN	Trust: 0.1

sources: VULMON: CVE-2020-3302 // JVNDB: JVNDB-2020-005202 // CNNVD: CNNVD-202005-227

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3302	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-005202	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-227	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1614	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1614.2	Trust: 0.6
db:	NSFOCUS	id:	47557	Trust: 0.6
db:	CNVD	id:	CNVD-2020-31109	Trust: 0.1
db:	VULHUB	id:	VHN-181427	Trust: 0.1
db:	VULMON	id:	CVE-2020-3302	Trust: 0.1

sources: VULHUB: VHN-181427 // VULMON: CVE-2020-3302 // JVNDB: JVNDB-2020-005202 // CNNVD: CNNVD-202005-227 // NVD: CVE-2020-3302

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmcai-z5dqobvn	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3302	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3302	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47557	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1614/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1614.2/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/181498	Trust: 0.1

sources: VULHUB: VHN-181427 // VULMON: CVE-2020-3302 // JVNDB: JVNDB-2020-005202 // CNNVD: CNNVD-202005-227 // NVD: CVE-2020-3302

SOURCES

db:	VULHUB	id:	VHN-181427
db:	VULMON	id:	CVE-2020-3302
db:	JVNDB	id:	JVNDB-2020-005202
db:	CNNVD	id:	CNNVD-202005-227
db:	NVD	id:	CVE-2020-3302

LAST UPDATE DATE

2024-08-14T14:03:47.359000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181427	date:	2021-10-12T00:00:00
db:	VULMON	id:	CVE-2020-3302	date:	2020-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-005202	date:	2020-06-09T00:00:00
db:	CNNVD	id:	CNNVD-202005-227	date:	2020-08-10T00:00:00
db:	NVD	id:	CVE-2020-3302	date:	2021-10-12T14:00:12.257

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181427	date:	2020-05-06T00:00:00
db:	VULMON	id:	CVE-2020-3302	date:	2020-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-005202	date:	2020-06-09T00:00:00
db:	CNNVD	id:	CNNVD-202005-227	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2020-3302	date:	2020-05-06T17:15:13.073