CVE-2020-3458Protection Mechanism Failure in Cisco Adaptive Security Appliance Software

CWE-693Protection Mechanism Failure4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.1%
top 83.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Adaptive Security Appliance SoftwareCisco Firepower Threat DefenseCisco Adaptive Security Appliance Software
Timeline
PublishedOct 21
Latest updateMay 24

Description

Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The vulnerabilities are due to insufficient protections of the secure boot process. An attacker could exploit these vulnerabilities by injecting code into specific files that are then referenced during t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

NVDcisco/firepower_threat_defense6.3.06.3.0.6+4

🔴Vulnerability Details

2
GHSA
GHSA-xj5h-8prx-gpx7: Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software fo2022-05-24
CVEList
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000/2100 Series Appliances Secure Boot Bypass Vulnerabilities2020-10-21

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000/2100 Series Appliances Secure Boot Bypass Vulnerabilities2020-10-21
CVE-2020-3458 — Protection Mechanism Failure in Cisco | cvebase