CVE-2020-3550

EPSS 0.34%
Veröffentlicht 21.10.2020 19:15:17
Zuletzt bearbeitet 26.11.2024 16:09:02
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Firepower Threat Defense Version <= 6.0.1

Cisco ≫ Firepower Threat Defense Version >= 6.3.0 < 6.3.0.6

Cisco ≫ Firepower Threat Defense Version >= 6.4.0 < 6.4.0.10

Cisco ≫ Firepower Threat Defense Version6.2.0

Cisco ≫ Firepower Threat Defense Version6.2.1

Cisco ≫ Secure Firewall Management Center Version <= 6.0.1

Cisco ≫ Secure Firewall Management Center Version >= 6.3.0 < 6.3.0.6

Cisco ≫ Secure Firewall Management Center Version >= 6.4.0 < 6.4.0.10

Cisco ≫ Secure Firewall Management Center Version6.2.0

Cisco ≫ Secure Firewall Management Center Version6.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.537

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N
psirt@cisco.com	8.1	2.8	5.2	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dirtrav-NW8XcuSB

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3550

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3550

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3550

EUVD