← Back

CVE-2020-3456

nvd nist
Published: Oct 21, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF protections for the FCM interface. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could take unauthorized actions on behalf of the targeted user.

Affected (1)

Cisco
1 product
Firepower Extensible Operating System
Configuration A
1 vulnerable · 16 platform
Vulnerable SoftwareAffected Versions
Firepower Extensible Operating System
Version 2.4(1.249)
Running on/withPlatform Versions
Cisco
Firepower 4110
All versions
Cisco
Firepower 4112
All versions
Cisco
Firepower 4115
All versions
Cisco
Firepower 4120
All versions
Cisco
Firepower 4125
All versions
Cisco
Firepower 4140
All versions
Cisco
Firepower 4145
All versions
Cisco
Firepower 4150
All versions
Cisco
Firepower 9300 Sm 24
All versions
Cisco
Firepower 9300 Sm 36
All versions
Cisco
Firepower 9300 Sm 40
All versions
Cisco
Firepower 9300 Sm 44
All versions
Cisco
Firepower 9300 Sm 44 X 3
All versions
Cisco
Firepower 9300 Sm 48
All versions
Cisco
Firepower 9300 Sm 56
All versions
Cisco
Firepower 9300 Sm 56 X 3
All versions

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

Source: psirt@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.