CVE-2020-3545

CWE-119 — Buffer Overflow CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 81.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Extensible Operating System Cisco Cisco Firepower Extensible Operating System (fxos)

Timeline

PublishedSep 4

Latest updateMay 24

Description

A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating sy…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_extensible_operating_system_(fxos)n/a

▶NVDcisco/firepower_extensible_operating_system2.3.1.58

🔴Vulnerability Details

GHSA

GHSA-7qq2-vhg3-r8g8: A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow conditi↗2022-05-24

▶

CVEList

Cisco FXOS Software Buffer Overflow Vulnerability↗2020-09-04

▶

📋Vendor Advisories

Cisco

Cisco FXOS Software Buffer Overflow Vulnerability↗2020-09-02

▶