ID

VAR-202010-1038


CVE

CVE-2020-3564


TITLE

Vulnerability related to authority management in Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software

Trust: 0.8

sources: JVNDB: JVNDB-2020-009717

DESCRIPTION

A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and successfully complete FTP connections. The platform provides features such as highly secure access to data and network resources.

Trust: 1.8

sources: NVD: CVE-2020-3564 // JVNDB: JVNDB-2020-009717 // VULHUB: VHN-181689 // VULMON: CVE-2020-3564

AFFECTED PRODUCTS

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.9.2.80

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: gte, version: 6.4.0

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.8.0

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: gte, version: 6.6.0

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: gte, version: 6.5.0

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.4.0.10

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.12.4.4

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.5.0.5

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.10.1.44

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.12.0

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.3.0.6

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.10.0

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.13.1.13

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.13.0

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.6.1

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.14.1.19

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.8.4.26

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.14.0

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.9.0

Trust: 1.0

vendor: cisco, model: adaptive security appliance, scope: lt, version: 9.6

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: firepower threat defense software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009717 // NVD: CVE-2020-3564

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3564
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3564
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-009717
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-1170
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181689
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3564
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3564
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-009717
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181689
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3564
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3564
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-009717
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181689 // VULMON: CVE-2020-3564 // JVNDB: JVNDB-2020-009717 // CNNVD: CNNVD-202010-1170 // NVD: CVE-2020-3564 // NVD: CVE-2020-3564

PROBLEMTYPE DATA

problemtype:CWE-436

Trust: 1.1

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-269

Trust: 0.9

sources: VULHUB: VHN-181689 // JVNDB: JVNDB-2020-009717 // NVD: CVE-2020-3564

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1170

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1170

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009717

PATCH

title: cisco-sa-asaftd-ftpbypass-HY3UTxYu
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ftpbypass-HY3UTxYu

Trust: 0.8

title: Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Bypass Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asaftd-ftpbypass-HY3UTxYu

Trust: 0.1

sources: VULMON: CVE-2020-3564 // JVNDB: JVNDB-2020-009717

EXTERNAL IDS

db: NVD, id: CVE-2020-3564

Trust: 2.6

db: JVNDB, id: JVNDB-2020-009717

Trust: 0.8

db: CNNVD, id: CNNVD-202010-1170

Trust: 0.7

db: AUSCERT, id: ESB-2020.3642.3

Trust: 0.6

db: AUSCERT, id: ESB-2020.3642

Trust: 0.6

db: NSFOCUS, id: 50188

Trust: 0.6

db: VULHUB, id: VHN-181689

Trust: 0.1

db: VULMON, id: CVE-2020-3564

Trust: 0.1

sources: VULHUB: VHN-181689 // VULMON: CVE-2020-3564 // JVNDB: JVNDB-2020-009717 // CNNVD: CNNVD-202010-1170 // NVD: CVE-2020-3564

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asaftd-ftpbypass-hy3utxyu

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-3564

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3564

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.3642.3

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50188

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-software-read-write-access-via-ftp-inspection-engine-bypass-33669

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3642/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/436.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-181689 // VULMON: CVE-2020-3564 // JVNDB: JVNDB-2020-009717 // CNNVD: CNNVD-202010-1170 // NVD: CVE-2020-3564

SOURCES

db: VULHUB, id: VHN-181689
db: VULMON, id: CVE-2020-3564
db: JVNDB, id: JVNDB-2020-009717
db: CNNVD, id: CNNVD-202010-1170
db: NVD, id: CVE-2020-3564

LAST UPDATE DATE

2024-08-14T13:54:28.614000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181689, date: 2021-10-19T00:00:00
db: VULMON, id: CVE-2020-3564, date: 2021-10-19T00:00:00
db: JVNDB, id: JVNDB-2020-009717, date: 2020-12-02T06:59:24
db: CNNVD, id: CNNVD-202010-1170, date: 2021-10-20T00:00:00
db: NVD, id: CVE-2020-3564, date: 2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181689, date: 2020-10-21T00:00:00
db: VULMON, id: CVE-2020-3564, date: 2020-10-21T00:00:00
db: JVNDB, id: JVNDB-2020-009717, date: 2020-12-02T06:59:24
db: CNNVD, id: CNNVD-202010-1170, date: 2020-10-21T00:00:00
db: NVD, id: CVE-2020-3564, date: 2020-10-21T19:15:18.060