CVE-2020-3352 — Hidden Functionality in Cisco Firepower Threat Defense

CWE-912 — Hidden Functionality4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 82.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Threat Defense Cisco Firepower Threat Defense Software

Timeline

PublishedOct 21

Latest updateMay 24

Description

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific steps that make the hidden commands accessible. A successful exploit could allow the attacker to make configuration changes to various sections of an affected device that should not be exposed to CLI acc…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_threat_defense_softwaren/a

▶NVDcisco/firepower_threat_defense6.4.0 — 6.4.0.10+3

🔴Vulnerability Details

GHSA

GHSA-qvv9-2cww-q346: A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands↗2022-05-24

▶

CVEList

Cisco Firepower Threat Defense Software Hidden Commands Vulnerability↗2020-10-21

▶

📋Vendor Advisories

Cisco

Cisco Firepower Threat Defense Software Hidden Commands Vulnerability↗2020-10-21

▶