CVE-2020-3514DEPRECATED: Containment Errors (Container Errors) in Cisco Firepower Threat Defense

CWE-216DEPRECATED: Containment Errors (Container Errors)5 documents5 sources
Severity
6.7MEDIUMNVD
CNA8.2
EPSS
0.0%
top 91.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Firepower Threat DefenseCisco Secure Firewall Management CenterCisco Firepower Threat Defense Software
Timeline
PublishedOct 21
Latest updateJul 18

Description

A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials on the device.The vulnerability exists because a configuration file that is used at container startup has insufficient protections. An attacker could exploit this vulnerability by modifying a specific

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

NVDcisco/firepower_threat_defense6.3.06.3.0.6+3

🔴Vulnerability Details

3
OSV
389-ds-base vulnerabilities2022-07-18
GHSA
GHSA-fjp7-wvw8-x28g: A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape2022-05-24
CVEList
Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability2020-10-21

📋Vendor Advisories

1
Cisco
Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability2020-10-21
CVE-2020-3514 — Cisco vulnerability | cvebase