Details of VAR-202010-1013

ID

VAR-202010-1013

CVE

CVE-2020-3410

TITLE

Cisco Firepower Management Center Authentication vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-012610

DESCRIPTION

A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The vulnerability is due to incorrect session invalidation during CAC authentication. An attacker could exploit this vulnerability by performing a CAC-based authentication attempt to an affected system. A successful exploit could allow the attacker to access an affected system with the privileges of a CAC-authenticated user who is currently logged in

Trust: 1.8

sources: NVD: CVE-2020-3410 // JVNDB: JVNDB-2020-012610 // VULHUB: VHN-181535 // VULMON: CVE-2020-3410

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.6.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.6.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco firepower management center	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012610 // NVD: CVE-2020-3410

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3410
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3410
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3410
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-1150
value:	HIGH
Trust: 0.6
VULHUB:	VHN-181535
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-3410
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3410
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-181535
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3410
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3410
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181535 // VULMON: CVE-2020-3410 // JVNDB: JVNDB-2020-012610 // CNNVD: CNNVD-202010-1150 // NVD: CVE-2020-3410 // NVD: CVE-2020-3410

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	Improper authentication (CWE-287) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181535 // JVNDB: JVNDB-2020-012610 // NVD: CVE-2020-3410

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1150

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202010-1150

PATCH

title:

cisco-sa-fmc-cacauthbyp-NCLGZm3Q

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cacauthbyp-NCLGZm3Q

Trust: 0.8

sources: JVNDB: JVNDB-2020-012610

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3410	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-012610	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1150	Trust: 0.7
db:	NSFOCUS	id:	50202	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3637	Trust: 0.6
db:	VULHUB	id:	VHN-181535	Trust: 0.1
db:	VULMON	id:	CVE-2020-3410	Trust: 0.1

sources: VULHUB: VHN-181535 // VULMON: CVE-2020-3410 // JVNDB: JVNDB-2020-012610 // CNNVD: CNNVD-202010-1150 // NVD: CVE-2020-3410

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-cacauthbyp-nclgzm3q	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3410	Trust: 1.4
url:	http://www.nsfocus.net/vulndb/50202	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3637/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-181535 // VULMON: CVE-2020-3410 // JVNDB: JVNDB-2020-012610 // CNNVD: CNNVD-202010-1150 // NVD: CVE-2020-3410

SOURCES

db:	VULHUB	id:	VHN-181535
db:	VULMON	id:	CVE-2020-3410
db:	JVNDB	id:	JVNDB-2020-012610
db:	CNNVD	id:	CNNVD-202010-1150
db:	NVD	id:	CVE-2020-3410

LAST UPDATE DATE

2024-08-14T13:43:49.731000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181535	date:	2020-10-28T00:00:00
db:	VULMON	id:	CVE-2020-3410	date:	2020-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-012610	date:	2021-05-17T09:06:00
db:	CNNVD	id:	CNNVD-202010-1150	date:	2020-11-05T00:00:00
db:	NVD	id:	CVE-2020-3410	date:	2023-11-07T03:22:40.527

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181535	date:	2020-10-21T00:00:00
db:	VULMON	id:	CVE-2020-3410	date:	2020-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-012610	date:	2021-05-17T00:00:00
db:	CNNVD	id:	CNNVD-202010-1150	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-3410	date:	2020-10-21T19:15:15.997