Details of VAR-202010-1033

ID

VAR-202010-1033

CVE

CVE-2020-3499

TITLE

Cisco Firepower Management Center Resource depletion vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-012615

DESCRIPTION

A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected system. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. A successful exploit could allow the attacker to cause the affected system to become unresponsive, resulting in a DoS condition and preventing the management of dependent devices

Trust: 1.8

sources: NVD: CVE-2020-3499 // JVNDB: JVNDB-2020-012615 // VULHUB: VHN-181624 // VULMON: CVE-2020-3499

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco firepower management center	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012615 // NVD: CVE-2020-3499

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3499
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3499
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3499
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-1154
value:	HIGH
Trust: 0.6
VULHUB:	VHN-181624
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-3499
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3499
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-181624
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2020-3499
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-3499
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-181624 // VULMON: CVE-2020-3499 // JVNDB: JVNDB-2020-012615 // CNNVD: CNNVD-202010-1154 // NVD: CVE-2020-3499 // NVD: CVE-2020-3499

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-399	Trust: 1.0
problemtype:	Resource exhaustion (CWE-400) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181624 // JVNDB: JVNDB-2020-012615 // NVD: CVE-2020-3499

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1154

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1154

PATCH

title:

cisco-sa-ftdfmc-dos-NjYvDcLA

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dos-NjYvDcLA

Trust: 0.8

sources: JVNDB: JVNDB-2020-012615

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3499	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-012615	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1154	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3637	Trust: 0.6
db:	NSFOCUS	id:	50198	Trust: 0.6
db:	VULHUB	id:	VHN-181624	Trust: 0.1
db:	VULMON	id:	CVE-2020-3499	Trust: 0.1

sources: VULHUB: VHN-181624 // VULMON: CVE-2020-3499 // JVNDB: JVNDB-2020-012615 // CNNVD: CNNVD-202010-1154 // NVD: CVE-2020-3499

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftdfmc-dos-njyvdcla	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3499	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3637/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/50198	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-181624 // VULMON: CVE-2020-3499 // JVNDB: JVNDB-2020-012615 // CNNVD: CNNVD-202010-1154 // NVD: CVE-2020-3499

SOURCES

db:	VULHUB	id:	VHN-181624
db:	VULMON	id:	CVE-2020-3499
db:	JVNDB	id:	JVNDB-2020-012615
db:	CNNVD	id:	CNNVD-202010-1154
db:	NVD	id:	CVE-2020-3499

LAST UPDATE DATE

2024-08-14T13:43:49.704000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181624	date:	2022-10-29T00:00:00
db:	VULMON	id:	CVE-2020-3499	date:	2020-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-012615	date:	2021-05-17T09:06:00
db:	CNNVD	id:	CNNVD-202010-1154	date:	2020-11-05T00:00:00
db:	NVD	id:	CVE-2020-3499	date:	2022-10-29T02:41:29.650

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181624	date:	2020-10-21T00:00:00
db:	VULMON	id:	CVE-2020-3499	date:	2020-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-012615	date:	2021-05-17T00:00:00
db:	CNNVD	id:	CNNVD-202010-1154	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-3499	date:	2020-10-21T19:15:16.623