CVE-2020-3410 — Improper Authentication in Cisco Firepower Management Center

CWE-287 — Improper Authentication4 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.6%

top 29.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Management Center Cisco Secure Firewall Management Center

Timeline

PublishedOct 21

Latest updateMay 24

Description

A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The vulnerability is due to incorrect session invalidation during CAC authentication. An attacker could exploit this vulnerability by performing a CAC-based authentication attempt to an affected system. A succe…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_management_centern/a

▶NVDcisco/secure_firewall_management_center6.6.0, 6.6.0.1+1

🔴Vulnerability Details

GHSA

GHSA-r86h-g4g8-qqmr: A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthentica↗2022-05-24

▶

CVEList

Cisco Firepower Management Center Software Common Access Card Authentication Bypass Vulnerability↗2020-10-21

▶

📋Vendor Advisories

Cisco

Cisco Firepower Management Center Software Common Access Card Authentication Bypass Vulnerability↗2020-10-21

▶