Sign-up

ID

VAR-202005-0707


CVE

CVE-2020-3307


TITLE

Cisco Firepower Management Center Input verification vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-005429

DESCRIPTION

A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send incorrect information to the system log on the affected system. Cisco Firepower Management Center (FMC) The software contains an input verification vulnerability.Information may be tampered with

Trust: 1.8

sources: NVD: CVE-2020-3307 // JVNDB: JVNDB-2020-005429 // VULHUB: VHN-181432 // VULMON: CVE-2020-3307

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.4.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.5.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.3.0

Trust: 1.0

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-005429 // NVD: CVE-2020-3307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3307
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3307
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005429
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-194
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181432
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3307
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3307
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005429
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181432
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3307
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3307
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-005429
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181432 // VULMON: CVE-2020-3307 // JVNDB: JVNDB-2020-005429 // CNNVD: CNNVD-202005-194 // NVD: CVE-2020-3307 // NVD: CVE-2020-3307

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181432 // JVNDB: JVNDB-2020-005429 // NVD: CVE-2020-3307

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-194

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-194

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005429

PATCH
title:cisco-sa-alfo-tHwFDmTEurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alfo-tHwFDmTE
Trust: 0.8
title:Cisco Firepower Management Center Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117799
Trust: 0.6
title:Cisco: Cisco Firepower Management Center Arbitrary Log File Write Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-alfo-tHwFDmTE
Trust: 0.1
title:CVE-2020-3307url:https://github.com/AlAIAL90/CVE-2020-3307 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-3307 // 
            
            
            
            JVNDB: JVNDB-2020-005429 // 
            
            
            
            CNNVD: CNNVD-202005-194

EXTERNAL IDS
db:NVDid:CVE-2020-3307
Trust: 2.6
db:JVNDBid:JVNDB-2020-005429
Trust: 0.8
db:CNNVDid:CNNVD-202005-194
Trust: 0.7
db:NSFOCUSid:47529
Trust: 0.6
db:AUSCERTid:ESB-2020.1614
Trust: 0.6
db:AUSCERTid:ESB-2020.1614.2
Trust: 0.6
db:CNVDid:CNVD-2020-27105
Trust: 0.1
db:VULHUBid:VHN-181432
Trust: 0.1
db:VULMONid:CVE-2020-3307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181432 // 
            
            
            
            VULMON: CVE-2020-3307 // 
            
            
            
            JVNDB: JVNDB-2020-005429 // 
            
            
            
            CNNVD: CNNVD-202005-194 // 
            
            
            
            NVD: CVE-2020-3307

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-alfo-thwfdmte
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2020-3307
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3307
Trust: 0.8
url:http://www.nsfocus.net/vulndb/47529
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1614/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1614.2/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://github.com/alaial90/cve-2020-3307
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181432 // 
            
            
            
            VULMON: CVE-2020-3307 // 
            
            
            
            JVNDB: JVNDB-2020-005429 // 
            
            
            
            CNNVD: CNNVD-202005-194 // 
            
            
            
            NVD: CVE-2020-3307

SOURCES
db:VULHUBid:VHN-181432
db:VULMONid:CVE-2020-3307
db:JVNDBid:JVNDB-2020-005429
db:CNNVDid:CNNVD-202005-194
db:NVDid:CVE-2020-3307

LAST UPDATE DATE
2024-08-14T14:03:47.452000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181432date:2021-09-17T00:00:00
db:VULMONid:CVE-2020-3307date:2021-09-17T00:00:00
db:JVNDBid:JVNDB-2020-005429date:2020-06-15T00:00:00
db:CNNVDid:CNNVD-202005-194date:2020-08-10T00:00:00
db:NVDid:CVE-2020-3307date:2021-09-17T18:54:10.783

SOURCES RELEASE DATE
db:VULHUBid:VHN-181432date:2020-05-06T00:00:00
db:VULMONid:CVE-2020-3307date:2020-05-06T00:00:00
db:JVNDBid:JVNDB-2020-005429date:2020-06-15T00:00:00
db:CNNVDid:CNNVD-202005-194date:2020-05-06T00:00:00
db:NVDid:CVE-2020-3307date:2020-05-06T17:15:13.323