CVE-2020-3557Improper Certificate Validation in Cisco Secure Firewall Management Center

CWE-295Improper Certificate Validation4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 58.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Secure Firewall Management CenterCisco Firepower Management Center
Timeline
PublishedOct 21
Latest updateMay 24

Description

A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted data stream to the host input daemon of the affected device. A successful exploit could allow the attacker to cause the host input daemon to restart. The attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-4g3g-c4gj-wqr7: A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to ca2022-05-24
CVEList
Cisco Firepower Management Center Software Denial of Service Vulnerability2020-10-21

📋Vendor Advisories

1
Cisco
Cisco Firepower Management Center Software Denial of Service Vulnerability2020-10-21
CVE-2020-3557 — Improper Certificate Validation | cvebase