CVE-2020-3169
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability.
Affected (3)
Products: Cisco: Firepower Extensible Operating System
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 2.2 to 2.2.2.97 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower 4110 | All versions |
Cisco Firepower 4115 | All versions |
Cisco Firepower 4120 | All versions |
Cisco Firepower 4125 | All versions |
Cisco Firepower 4140 | All versions |
Cisco Firepower 4145 | All versions |
Cisco Firepower 4150 | All versions |
Cisco Firepower 9300 Sm 24 | All versions |
Cisco Firepower 9300 Sm 36 | All versions |
Cisco Firepower 9300 Sm 40 | All versions |
Cisco Firepower 9300 Sm 44 | All versions |
Cisco Firepower 9300 Sm 44 X 3 | All versions |
Cisco Firepower 9300 Sm 48 | All versions |
Cisco Firepower 9300 Sm 56 | All versions |
Cisco Firepower 9300 Sm 56 X 3 | All versions |
References (2)
Source: psirt@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.