← Back

CVE-2020-3457

nvd nist
Published: Oct 21, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Affected (12)

Cisco
3 products
Firepower Extensible Operating System
Adaptive Security Appliance Software
Firepower Threat Defense
Configuration A
4 vulnerable · 16 platform
Vulnerable SoftwareAffected Versions
Cisco
Firepower Extensible Operating System
From 2.4 to 2.4.1.266
Firepower Extensible Operating System
From 2.6 to 2.6.1.204
Firepower Extensible Operating System
From 2.7 to 2.7.1.131
Firepower Extensible Operating System
From 2.8 to 2.8.1.125
Running on/withPlatform Versions
Cisco
Firepower 4110
All versions
Cisco
Firepower 4112
All versions
Cisco
Firepower 4115
All versions
Cisco
Firepower 4120
All versions
Cisco
Firepower 4125
All versions
Cisco
Firepower 4140
All versions
Cisco
Firepower 4145
All versions
Cisco
Firepower 4150
All versions
Cisco
Firepower 9300 Sm 24
All versions
Cisco
Firepower 9300 Sm 36
All versions
Cisco
Firepower 9300 Sm 40
All versions
Cisco
Firepower 9300 Sm 44
All versions
Cisco
Firepower 9300 Sm 44 X 3
All versions
Cisco
Firepower 9300 Sm 48
All versions
Cisco
Firepower 9300 Sm 56
All versions
Cisco
Firepower 9300 Sm 56 X 3
All versions
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Adaptive Security Appliance Software
From 9.10 to 9.10.1.40
Adaptive Security Appliance Software
From 9.12 to 9.12.4.3
Adaptive Security Appliance Software
From 9.13 to 9.13.1.13
Adaptive Security Appliance Software
From 9.8 to 9.8.4.29
Adaptive Security Appliance Software
From 9.9 to 9.9.2.80
Configuration C
3 vulnerable · 10 platform
Vulnerable SoftwareAffected Versions
Cisco
Firepower Threat Defense
From 6.2.2 to 6.3.0.6
Firepower Threat Defense
From 6.4.0 to 6.4.0.9
Firepower Threat Defense
From 6.5.0 to 6.5.0.5
Running on/withPlatform Versions
Cisco
Firepower 1000
All versions
Cisco
Firepower 1010
All versions
Cisco
Firepower 1120
All versions
Cisco
Firepower 1140
All versions
Cisco
Firepower 1150
All versions
Cisco
Firepower 2100
All versions
Cisco
Firepower 2110
All versions
Cisco
Firepower 2120
All versions
Cisco
Firepower 2130
All versions
Cisco
Firepower 2140
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

Source: psirt@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.