ID
VAR-202005-0716
CVE
CVE-2020-3318
TITLE
Cisco Firepower Management Center Software and Firepower User Agent Vulnerabilities in the use of hard-coded credentials in software
Trust: 0.8
sources:
JVNDB: JVNDB-2020-005034
DESCRIPTION
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. (DoS) It may be put into a state. A trust management issue vulnerability exists in Cisco FMC Software due to the use of default static passwords for system accounts that cannot be changed by system administrators. A remote attacker could use this account to exploit this vulnerability to gain access to sensitive parts of the system
Trust: 1.8
sources:
NVD: CVE-2020-3318 //
JVNDB: JVNDB-2020-005034 //
VULHUB: VHN-181443 //
VULMON: CVE-2020-3318
AFFECTED PRODUCTS
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 2.0.3 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 2.1.0 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 2.1.1 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 2.2.0 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 2.3.0 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 5.0.0 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.0.0 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.1.0 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.2.0 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.2.3 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.3.0 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.4.0 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | eq | version: | 6.5.0 | Trust: 1.1 |
| vendor: | cisco | model: | firepower management center | scope: | - | version: | - | Trust: 0.8 |
sources:
VULMON: CVE-2020-3318 //
JVNDB: JVNDB-2020-005034 //
NVD: CVE-2020-3318
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-181443 //
VULMON: CVE-2020-3318 //
JVNDB: JVNDB-2020-005034 //
CNNVD: CNNVD-202005-189 //
NVD: CVE-2020-3318 //
NVD: CVE-2020-3318
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.9 |
sources:
VULHUB: VHN-181443 //
JVNDB: JVNDB-2020-005034 //
NVD: CVE-2020-3318
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202005-189
TYPE
trust management problem
Trust: 0.6
sources:
CNNVD: CNNVD-202005-189
CONFIGURATIONS
sources:
JVNDB: JVNDB-2020-005034
PATCH
| title: | cisco-sa-fmcua-statcred-weeCcZct | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcua-statcred-weeCcZct | Trust: 0.8 |
| title: | Cisco Firepower Management Center Repair measures for trust management problem vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118142 | Trust: 0.6 |
| title: | Cisco: Cisco Firepower Management Center Static Credential Vulnerabilities | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-fmcua-statcred-weeCcZct | Trust: 0.1 |
sources:
VULMON: CVE-2020-3318 //
JVNDB: JVNDB-2020-005034 //
CNNVD: CNNVD-202005-189
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-3318 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2020-005034 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202005-189 | Trust: 0.7 |
| db: | AUSCERT | id: | ESB-2020.1614 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2020.1614.2 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2020-27104 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-181443 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2020-3318 | Trust: 0.1 |
sources:
VULHUB: VHN-181443 //
VULMON: CVE-2020-3318 //
JVNDB: JVNDB-2020-005034 //
CNNVD: CNNVD-202005-189 //
NVD: CVE-2020-3318
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmcua-statcred-weecczct | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-3318 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3318 | Trust: 0.8 |
| url: | https://www.auscert.org.au/bulletins/esb-2020.1614/ | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2020.1614.2/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/798.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/181501 | Trust: 0.1 |
sources:
VULHUB: VHN-181443 //
VULMON: CVE-2020-3318 //
JVNDB: JVNDB-2020-005034 //
CNNVD: CNNVD-202005-189 //
NVD: CVE-2020-3318
SOURCES
| db: | VULHUB | id: | VHN-181443 |
| db: | VULMON | id: | CVE-2020-3318 |
| db: | JVNDB | id: | JVNDB-2020-005034 |
| db: | CNNVD | id: | CNNVD-202005-189 |
| db: | NVD | id: | CVE-2020-3318 |
LAST UPDATE DATE
2024-08-14T14:03:47.826000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-181443 | date: | 2020-05-08T00:00:00 |
| db: | VULMON | id: | CVE-2020-3318 | date: | 2020-05-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-005034 | date: | 2020-06-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-202005-189 | date: | 2020-05-12T00:00:00 |
| db: | NVD | id: | CVE-2020-3318 | date: | 2020-05-08T20:37:29.023 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-181443 | date: | 2020-05-06T00:00:00 |
| db: | VULMON | id: | CVE-2020-3318 | date: | 2020-05-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-005034 | date: | 2020-06-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-202005-189 | date: | 2020-05-06T00:00:00 |
| db: | NVD | id: | CVE-2020-3318 | date: | 2020-05-06T17:15:13.887 |