CVE-2020-3308

EPSS 0.08%
Veröffentlicht 06.05.2020 17:15:13
Zuletzt bearbeitet 26.11.2024 16:09:02
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Firepower Threat Defense Version < 6.2.2.1

Cisco ≫ Secure Firewall Management Center Version6.2.2

Cisco ≫ Secure Firewall Management Center Version6.2.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.242

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N
psirt@cisco.com	4.9	1.2	3.6	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sigbypass-FcvPPCeP

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3308

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3308

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3308

EUVD