CVE-2020-3564 — Improper Access Control in Cisco Adaptive Security Appliance

CWE-284 — Improper Access Control CWE-436 — Interpretation Conflict CWE-269 — Improper Privilege Management4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 51.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense +1 more

Timeline

PublishedOct 21

Latest updateMay 24

Description

A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and successfully complete FTP conn…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDcisco/adaptive_security_appliance_software9.8.0 — 9.8.4.26+5

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwaren/a

▶NVDcisco/firepower_threat_defense6.4.0 — 6.4.0.10+3

▶NVDcisco/adaptive_security_appliance< 9.6

🔴Vulnerability Details

GHSA

GHSA-67g9-87g9-j8g9: A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software cou↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Bypass Vulnerability↗2020-10-21

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Bypass Vulnerability↗2020-10-21

▶