CVE-2020-3310Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Firepower Device Manager On-box

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
0.4%
top 37.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Firepower Device Manager On-boxCisco Firepower Threat Defense Software
Timeline
PublishedMay 6
Latest updateMay 24

Description

A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways using a malicious file: An attacker with administrative privileges could upload a malicious XML file on the system and cause the XML code to parse the malicious

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-mwm2-vw9r-qw3f: A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an aff2022-05-24
CVEList
Cisco Firepower Device Manager On-Box Software XML Parsing Vulnerability2020-05-06

📋Vendor Advisories

1
Cisco
Cisco Firepower Device Manager On-Box Software XML Parsing Vulnerability2020-05-06
CVE-2020-3310 — Cisco vulnerability | cvebase