Details of VAR-202010-1038

ID

VAR-202010-1038

CVE

CVE-2020-3564

TITLE

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense software Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009717

DESCRIPTION

A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and successfully complete FTP connections. The platform provides features such as highly secure access to data and network resources

Trust: 1.8

sources: NVD: CVE-2020-3564 // JVNDB: JVNDB-2020-009717 // VULHUB: VHN-181689 // VULMON: CVE-2020-3564

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.2.80	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.8.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.6.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.4.4	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.5.0.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.10.1.44	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.12.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.3.0.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.10.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.13.1.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.13.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.6.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.14.1.19	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4.26	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.14.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	lt	version:	9.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-009717 // NVD: CVE-2020-3564

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3564
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3564
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-009717
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202010-1170
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-181689
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-3564
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3564
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-009717
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181689
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3564
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3564
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-009717
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181689 // VULMON: CVE-2020-3564 // JVNDB: JVNDB-2020-009717 // CNNVD: CNNVD-202010-1170 // NVD: CVE-2020-3564 // NVD: CVE-2020-3564

PROBLEMTYPE DATA

problemtype:	CWE-436	Trust: 1.1
problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-269	Trust: 0.9

sources: VULHUB: VHN-181689 // JVNDB: JVNDB-2020-009717 // NVD: CVE-2020-3564

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1170

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1170

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009717

PATCH

title:	cisco-sa-asaftd-ftpbypass-HY3UTxYu	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ftpbypass-HY3UTxYu	Trust: 0.8
title:	Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Bypass Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asaftd-ftpbypass-HY3UTxYu	Trust: 0.1

sources: VULMON: CVE-2020-3564 // JVNDB: JVNDB-2020-009717

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3564	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-009717	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1170	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3642.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3642	Trust: 0.6
db:	NSFOCUS	id:	50188	Trust: 0.6
db:	VULHUB	id:	VHN-181689	Trust: 0.1
db:	VULMON	id:	CVE-2020-3564	Trust: 0.1

sources: VULHUB: VHN-181689 // VULMON: CVE-2020-3564 // JVNDB: JVNDB-2020-009717 // CNNVD: CNNVD-202010-1170 // NVD: CVE-2020-3564

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asaftd-ftpbypass-hy3utxyu	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3564	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3564	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.3642.3	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/50188	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-software-read-write-access-via-ftp-inspection-engine-bypass-33669	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3642/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/436.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-181689 // VULMON: CVE-2020-3564 // JVNDB: JVNDB-2020-009717 // CNNVD: CNNVD-202010-1170 // NVD: CVE-2020-3564

SOURCES

db:	VULHUB	id:	VHN-181689
db:	VULMON	id:	CVE-2020-3564
db:	JVNDB	id:	JVNDB-2020-009717
db:	CNNVD	id:	CNNVD-202010-1170
db:	NVD	id:	CVE-2020-3564

LAST UPDATE DATE

2024-08-14T13:54:28.614000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181689	date:	2021-10-19T00:00:00
db:	VULMON	id:	CVE-2020-3564	date:	2021-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-009717	date:	2020-12-02T06:59:24
db:	CNNVD	id:	CNNVD-202010-1170	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2020-3564	date:	2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181689	date:	2020-10-21T00:00:00
db:	VULMON	id:	CVE-2020-3564	date:	2020-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-009717	date:	2020-12-02T06:59:24
db:	CNNVD	id:	CNNVD-202010-1170	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-3564	date:	2020-10-21T19:15:18.060