ID

VAR-202010-1033


CVE

CVE-2020-3499


TITLE

Cisco Firepower Management Center: resource depletion vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-012615

DESCRIPTION

A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of system resource values by the affected system. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. A successful exploit could allow the attacker to cause the affected system to become unresponsive, resulting in a DoS condition and preventing the management of dependent devices.

Trust: 1.8

sources: NVD: CVE-2020-3499 // JVNDB: JVNDB-2020-012615 // VULHUB: VHN-181624 // VULMON: CVE-2020-3499

AFFECTED PRODUCTS

vendor: cisco, model: firepower management center, scope: eq, version: 6.5.0

Trust: 1.0

vendor: cisco, model: firepower management center, scope: eq, version: 6.2.3

Trust: 1.0

vendor: cisco, model: firepower management center, scope: eq, version: 6.4.0

Trust: 1.0

vendor: cisco, model: firepower management center, scope: eq, version: 6.3.0

Trust: 1.0

vendor: シスコシステムズ, model: cisco firepower management center, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012615 // NVD: CVE-2020-3499

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3499
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3499
value: HIGH

Trust: 1.0

NVD: CVE-2020-3499
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1154
value: HIGH

Trust: 0.6

VULHUB: VHN-181624
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3499
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3499
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-181624
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2020-3499
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3499
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-181624 // VULMON: CVE-2020-3499 // JVNDB: JVNDB-2020-012615 // CNNVD: CNNVD-202010-1154 // NVD: CVE-2020-3499 // NVD: CVE-2020-3499

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-399

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181624 // JVNDB: JVNDB-2020-012615 // NVD: CVE-2020-3499

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1154

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1154

PATCH

title: cisco-sa-ftdfmc-dos-NjYvDcLA, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dos-NjYvDcLA

Trust: 0.8

sources: JVNDB: JVNDB-2020-012615

EXTERNAL IDS

db: NVD, id: CVE-2020-3499

Trust: 2.6

db: JVNDB, id: JVNDB-2020-012615

Trust: 0.8

db: CNNVD, id: CNNVD-202010-1154

Trust: 0.7

db: AUSCERT, id: ESB-2020.3637

Trust: 0.6

db: NSFOCUS, id: 50198

Trust: 0.6

db: VULHUB, id: VHN-181624

Trust: 0.1

db: VULMON, id: CVE-2020-3499

Trust: 0.1

sources: VULHUB: VHN-181624 // VULMON: CVE-2020-3499 // JVNDB: JVNDB-2020-012615 // CNNVD: CNNVD-202010-1154 // NVD: CVE-2020-3499

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftdfmc-dos-njyvdcla

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-3499

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3637/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50198

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-181624 // VULMON: CVE-2020-3499 // JVNDB: JVNDB-2020-012615 // CNNVD: CNNVD-202010-1154 // NVD: CVE-2020-3499

SOURCES

db: VULHUB, id: VHN-181624
db: VULMON, id: CVE-2020-3499
db: JVNDB, id: JVNDB-2020-012615
db: CNNVD, id: CNNVD-202010-1154
db: NVD, id: CVE-2020-3499

LAST UPDATE DATE

2024-08-14T13:43:49.704000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181624, date: 2022-10-29T00:00:00
db: VULMON, id: CVE-2020-3499, date: 2020-10-28T00:00:00
db: JVNDB, id: JVNDB-2020-012615, date: 2021-05-17T09:06:00
db: CNNVD, id: CNNVD-202010-1154, date: 2020-11-05T00:00:00
db: NVD, id: CVE-2020-3499, date: 2022-10-29T02:41:29.650

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181624, date: 2020-10-21T00:00:00
db: VULMON, id: CVE-2020-3499, date: 2020-10-21T00:00:00
db: JVNDB, id: JVNDB-2020-012615, date: 2021-05-17T00:00:00
db: CNNVD, id: CNNVD-202010-1154, date: 2020-10-21T00:00:00
db: NVD, id: CVE-2020-3499, date: 2020-10-21T19:15:16.623