CVE-2020-3307 — Improper Input Validation in Cisco Firepower Management Center

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 62.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Management Center Cisco Secure Firewall Management Center

Timeline

PublishedMay 6

Latest updateMay 24

Description

A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send incorrect information to the system log on the affected system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_management_centern/a

▶NVDcisco/secure_firewall_management_center5 versions+4

🔴Vulnerability Details

GHSA

GHSA-6h9x-7mp9-h6hr: A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary e↗2022-05-24

▶

CVEList

Cisco Firepower Management Center Arbitrary Log File Write Vulnerability↗2020-05-06

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Arbitrary Log File Write Vulnerability↗2020-05-06

▶