CVE-2020-3352

EPSS 0.06%
Veröffentlicht 21.10.2020 19:15:15
Zuletzt bearbeitet 21.11.2024 05:30:51
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific steps that make the hidden commands accessible. A successful exploit could allow the attacker to make configuration changes to various sections of an affected device that should not be exposed to CLI access.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Firepower Threat Defense Version < 6.3.0.6

Cisco ≫ Firepower Threat Defense Version >= 6.4.0 < 6.4.0.10

Cisco ≫ Firepower Threat Defense Version >= 6.5.0 < 6.5.0.5

Cisco ≫ Firepower Threat Defense Version >= 6.6.0 < 6.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:N/I:P/A:N
psirt@cisco.com	5.3	1.8	3.4	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-hidcmd-pFDeWVBd

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3352

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3352

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3352

EUVD