CVE-2020-3302 — Improper Input Validation in Cisco Secure Firewall Management Center

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.5%

top 32.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Management Center Cisco Firepower Management Center

Timeline

PublishedMay 6

Latest updateMay 24

Description

A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to overwrite files on the file system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted file to the web UI on an affected device. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_management_centern/a

▶NVDcisco/secure_firewall_management_center< 6.2.2.2

🔴Vulnerability Details

GHSA

GHSA-72ph-vxxh-m85f: A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to overwrite files on↗2022-05-24

▶

CVEList

Cisco Firepower Management Center File Overwrite Vulnerability↗2020-05-06

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center File Overwrite Vulnerability↗2020-05-06

▶