CVE-2020-3312 — Improper Access Control in Cisco Firepower Threat Defense Software

CWE-284 — Improper Access Control CWE-732 — Incorrect Permission Assignment4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 32.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Threat Defense Software Cisco Secure Firewall Management Center

Timeline

PublishedMay 6

Latest updateMay 24

Description

A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_threat_defense_softwaren/a

▶NVDcisco/secure_firewall_management_center5 versions+4

🔴Vulnerability Details

GHSA

GHSA-6w5p-82mj-5jw4: A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attack↗2022-05-24

▶

CVEList

Cisco Firepower Threat Defense Software Information Disclosure Vulnerability↗2020-05-06

▶

📋Vendor Advisories

Cisco

Cisco Firepower Threat Defense Software Information Disclosure Vulnerability↗2020-05-06

▶