ID

VAR-202010-1012


CVE

CVE-2020-3352


TITLE

Cisco Firepower Threat Defense  Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-012497

DESCRIPTION

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific steps that make the hidden commands accessible. A successful exploit could allow the attacker to make configuration changes to various sections of an affected device that should not be exposed to CLI access

Trust: 1.8

sources: NVD: CVE-2020-3352 // JVNDB: JVNDB-2020-012497 // VULHUB: VHN-181477 // VULMON: CVE-2020-3352

AFFECTED PRODUCTS

vendor:ciscomodel:firepower threat defensescope:gteversion:6.6.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.5.0.5

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.6.1

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.5.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.4.0.10

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.3.0.6

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.4.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco firepower threat defense ソフトウェアscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower threat defense ソフトウェアscope:eqversion:cisco firepower threat defense software

Trust: 0.8

sources: JVNDB: JVNDB-2020-012497 // NVD: CVE-2020-3352

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3352
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3352
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3352
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-1145
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181477
value: LOW

Trust: 0.1

VULMON: CVE-2020-3352
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3352
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-181477
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3352
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3352
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 1.0

NVD: CVE-2020-3352
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181477 // VULMON: CVE-2020-3352 // JVNDB: JVNDB-2020-012497 // CNNVD: CNNVD-202010-1145 // NVD: CVE-2020-3352 // NVD: CVE-2020-3352

PROBLEMTYPE DATA

problemtype:CWE-912

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Other (CWE-Other) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012497 // NVD: CVE-2020-3352

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1145

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1145

PATCH

title:cisco-sa-ftd-hidcmd-pFDeWVBdurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-hidcmd-pFDeWVBd

Trust: 0.8

sources: JVNDB: JVNDB-2020-012497

EXTERNAL IDS

db:NVDid:CVE-2020-3352

Trust: 2.6

db:JVNDBid:JVNDB-2020-012497

Trust: 0.8

db:CNNVDid:CNNVD-202010-1145

Trust: 0.7

db:AUSCERTid:ESB-2020.3634

Trust: 0.6

db:NSFOCUSid:50174

Trust: 0.6

db:VULHUBid:VHN-181477

Trust: 0.1

db:VULMONid:CVE-2020-3352

Trust: 0.1

sources: VULHUB: VHN-181477 // VULMON: CVE-2020-3352 // JVNDB: JVNDB-2020-012497 // CNNVD: CNNVD-202010-1145 // NVD: CVE-2020-3352

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-hidcmd-pfdewvbd

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-3352

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3634/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50174

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-181477 // VULMON: CVE-2020-3352 // JVNDB: JVNDB-2020-012497 // CNNVD: CNNVD-202010-1145 // NVD: CVE-2020-3352

SOURCES

db:VULHUBid:VHN-181477
db:VULMONid:CVE-2020-3352
db:JVNDBid:JVNDB-2020-012497
db:CNNVDid:CNNVD-202010-1145
db:NVDid:CVE-2020-3352

LAST UPDATE DATE

2024-08-14T14:18:45.315000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181477date:2020-10-23T00:00:00
db:VULMONid:CVE-2020-3352date:2020-10-23T00:00:00
db:JVNDBid:JVNDB-2020-012497date:2021-05-11T06:16:00
db:CNNVDid:CNNVD-202010-1145date:2020-11-04T00:00:00
db:NVDid:CVE-2020-3352date:2020-10-23T17:59:45.197

SOURCES RELEASE DATE

db:VULHUBid:VHN-181477date:2020-10-21T00:00:00
db:VULMONid:CVE-2020-3352date:2020-10-21T00:00:00
db:JVNDBid:JVNDB-2020-012497date:2021-05-11T00:00:00
db:CNNVDid:CNNVD-202010-1145date:2020-10-21T00:00:00
db:NVDid:CVE-2020-3352date:2020-10-21T19:15:15.810