CVE-2020-3352

Published: Oct 21, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific steps that make the hidden commands accessible. A successful exploit could allow the attacker to make configuration changes to various sections of an affected device that should not be exposed to CLI access.

Affected (4)

Products: Cisco: Firepower Threat Defense

Cisco

1 product

Firepower Threat Defense

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Firepower Threat Defense	Before 6.3.0.6
Cisco Firepower Threat Defense	From 6.4.0 to 6.4.0.10
Cisco Firepower Threat Defense	From 6.5.0 to 6.5.0.5
Cisco Firepower Threat Defense	From 6.6.0 to 6.6.1

Related CWEs

CWE-912

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-hidcmd-pFDeWVBd

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-hidcmd-pFDeWVBd

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.