CVE-2020-3309 — Improper Input Validation in Cisco Firepower Device Manager On-box

CWE-20 — Improper Input Validation CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.9%

top 24.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Device Manager On-box Cisco Firepower Threat Defense Software

Timeline

PublishedMay 6

Latest updateMay 24

Description

A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on as well as modify the underlying operating system of an affected…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/firepower_device_manager_on-box< 6.2.3

▶CVEListV5cisco/cisco_firepower_threat_defense_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-37wp-r5gr-q42h: A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on↗2022-05-24

▶

CVEList

Cisco Firepower Device Manager On-Box Software Arbitrary File Overwrite Vulnerability↗2020-05-06

▶

📋Vendor Advisories

Cisco

Cisco Firepower Device Manager On-Box Software Arbitrary File Overwrite Vulnerability↗2020-05-06

▶