ID

VAR-202005-0707


CVE

CVE-2020-3307


TITLE

Input validation vulnerability in Cisco Firepower Management Center software

Trust: 0.8

sources: JVNDB: JVNDB-2020-005429

DESCRIPTION

A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send incorrect information to the system log on the affected system. Cisco Firepower Management Center (FMC) software contains an input validation vulnerability. Information may be tampered with.

Trust: 1.8

sources: NVD: CVE-2020-3307 // JVNDB: JVNDB-2020-005429 // VULHUB: VHN-181432 // VULMON: CVE-2020-3307

AFFECTED PRODUCTS

vendor: cisco, model: firepower management center, scope: eq, version: 6.2.3

Trust: 1.0

vendor: cisco, model: firepower management center, scope: eq, version: 6.4.0

Trust: 1.0

vendor: cisco, model: firepower management center, scope: eq, version: 6.5.0

Trust: 1.0

vendor: cisco, model: firepower management center, scope: eq, version: 6.2.2

Trust: 1.0

vendor: cisco, model: firepower management center, scope: eq, version: 6.3.0

Trust: 1.0

vendor: cisco, model: firepower threat defense software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-005429 // NVD: CVE-2020-3307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3307
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3307
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005429
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-194
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181432
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3307
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3307
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005429
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181432
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3307
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3307
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-005429
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181432 // VULMON: CVE-2020-3307 // JVNDB: JVNDB-2020-005429 // CNNVD: CNNVD-202005-194 // NVD: CVE-2020-3307 // NVD: CVE-2020-3307

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181432 // JVNDB: JVNDB-2020-005429 // NVD: CVE-2020-3307

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-194

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-194

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005429

PATCH

title: cisco-sa-alfo-tHwFDmTE, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alfo-tHwFDmTE

Trust: 0.8

title: Fix for the Cisco Firepower Management Center input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117799

Trust: 0.6

title: Cisco: Cisco Firepower Management Center Arbitrary Log File Write Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-alfo-tHwFDmTE

Trust: 0.1

title: CVE-2020-3307, url: https://github.com/AlAIAL90/CVE-2020-3307

Trust: 0.1

sources: VULMON: CVE-2020-3307 // JVNDB: JVNDB-2020-005429 // CNNVD: CNNVD-202005-194

EXTERNAL IDS

db: NVD, id: CVE-2020-3307

Trust: 2.6

db: JVNDB, id: JVNDB-2020-005429

Trust: 0.8

db: CNNVD, id: CNNVD-202005-194

Trust: 0.7

db: NSFOCUS, id: 47529

Trust: 0.6

db: AUSCERT, id: ESB-2020.1614

Trust: 0.6

db: AUSCERT, id: ESB-2020.1614.2

Trust: 0.6

db: CNVD, id: CNVD-2020-27105

Trust: 0.1

db: VULHUB, id: VHN-181432

Trust: 0.1

db: VULMON, id: CVE-2020-3307

Trust: 0.1

sources: VULHUB: VHN-181432 // VULMON: CVE-2020-3307 // JVNDB: JVNDB-2020-005429 // CNNVD: CNNVD-202005-194 // NVD: CVE-2020-3307

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-alfo-thwfdmte

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2020-3307

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3307

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47529

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1614/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1614.2/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/alaial90/cve-2020-3307

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-181432 // VULMON: CVE-2020-3307 // JVNDB: JVNDB-2020-005429 // CNNVD: CNNVD-202005-194 // NVD: CVE-2020-3307

SOURCES

db: VULHUB, id: VHN-181432
db: VULMON, id: CVE-2020-3307
db: JVNDB, id: JVNDB-2020-005429
db: CNNVD, id: CNNVD-202005-194
db: NVD, id: CVE-2020-3307

LAST UPDATE DATE

2024-08-14T14:03:47.452000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181432, date: 2021-09-17T00:00:00
db: VULMON, id: CVE-2020-3307, date: 2021-09-17T00:00:00
db: JVNDB, id: JVNDB-2020-005429, date: 2020-06-15T00:00:00
db: CNNVD, id: CNNVD-202005-194, date: 2020-08-10T00:00:00
db: NVD, id: CVE-2020-3307, date: 2021-09-17T18:54:10.783

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181432, date: 2020-05-06T00:00:00
db: VULMON, id: CVE-2020-3307, date: 2020-05-06T00:00:00
db: JVNDB, id: JVNDB-2020-005429, date: 2020-06-15T00:00:00
db: CNNVD, id: CNNVD-202005-194, date: 2020-05-06T00:00:00
db: NVD, id: CVE-2020-3307, date: 2020-05-06T17:15:13.323