ID

VAR-202010-1013


CVE

CVE-2020-3410


TITLE

Cisco Firepower Management Center  Authentication vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-012610

DESCRIPTION

A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The vulnerability is due to incorrect session invalidation during CAC authentication. An attacker could exploit this vulnerability by performing a CAC-based authentication attempt to an affected system. A successful exploit could allow the attacker to access an affected system with the privileges of a CAC-authenticated user who is currently logged in

Trust: 1.8

sources: NVD: CVE-2020-3410 // JVNDB: JVNDB-2020-012610 // VULHUB: VHN-181535 // VULMON: CVE-2020-3410

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:eqversion:6.6.0.1

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.6.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco firepower management centerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012610 // NVD: CVE-2020-3410

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3410
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3410
value: HIGH

Trust: 1.0

NVD: CVE-2020-3410
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1150
value: HIGH

Trust: 0.6

VULHUB: VHN-181535
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3410
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3410
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-181535
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3410
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2020-3410
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181535 // VULMON: CVE-2020-3410 // JVNDB: JVNDB-2020-012610 // CNNVD: CNNVD-202010-1150 // NVD: CVE-2020-3410 // NVD: CVE-2020-3410

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-181535 // JVNDB: JVNDB-2020-012610 // NVD: CVE-2020-3410

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1150

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202010-1150

PATCH

title:cisco-sa-fmc-cacauthbyp-NCLGZm3Qurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cacauthbyp-NCLGZm3Q

Trust: 0.8

sources: JVNDB: JVNDB-2020-012610

EXTERNAL IDS

db:NVDid:CVE-2020-3410

Trust: 2.6

db:JVNDBid:JVNDB-2020-012610

Trust: 0.8

db:CNNVDid:CNNVD-202010-1150

Trust: 0.7

db:NSFOCUSid:50202

Trust: 0.6

db:AUSCERTid:ESB-2020.3637

Trust: 0.6

db:VULHUBid:VHN-181535

Trust: 0.1

db:VULMONid:CVE-2020-3410

Trust: 0.1

sources: VULHUB: VHN-181535 // VULMON: CVE-2020-3410 // JVNDB: JVNDB-2020-012610 // CNNVD: CNNVD-202010-1150 // NVD: CVE-2020-3410

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-cacauthbyp-nclgzm3q

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-3410

Trust: 1.4

url:http://www.nsfocus.net/vulndb/50202

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3637/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-181535 // VULMON: CVE-2020-3410 // JVNDB: JVNDB-2020-012610 // CNNVD: CNNVD-202010-1150 // NVD: CVE-2020-3410

SOURCES

db:VULHUBid:VHN-181535
db:VULMONid:CVE-2020-3410
db:JVNDBid:JVNDB-2020-012610
db:CNNVDid:CNNVD-202010-1150
db:NVDid:CVE-2020-3410

LAST UPDATE DATE

2024-08-14T13:43:49.731000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181535date:2020-10-28T00:00:00
db:VULMONid:CVE-2020-3410date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2020-012610date:2021-05-17T09:06:00
db:CNNVDid:CNNVD-202010-1150date:2020-11-05T00:00:00
db:NVDid:CVE-2020-3410date:2023-11-07T03:22:40.527

SOURCES RELEASE DATE

db:VULHUBid:VHN-181535date:2020-10-21T00:00:00
db:VULMONid:CVE-2020-3410date:2020-10-21T00:00:00
db:JVNDBid:JVNDB-2020-012610date:2021-05-17T00:00:00
db:CNNVDid:CNNVD-202010-1150date:2020-10-21T00:00:00
db:NVDid:CVE-2020-3410date:2020-10-21T19:15:15.997