← Back

CVE-2020-3550

nvd nist
Published: Oct 21, 2020Modified: Nov 26, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device.

Affected (10)

Cisco
2 products
Firepower Threat Defense
Secure Firewall Management Center
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Firepower Threat Defense
Up to 6.0.1
Firepower Threat Defense
From 6.3.0 to 6.3.0.6
Firepower Threat Defense
From 6.4.0 to 6.4.0.10
Firepower Threat Defense
Version 6.2.0
Firepower Threat Defense
Version 6.2.1
Cisco
Secure Firewall Management Center
Up to 6.0.1
Secure Firewall Management Center
From 6.3.0 to 6.3.0.6
Secure Firewall Management Center
From 6.4.0 to 6.4.0.10
Secure Firewall Management Center
Version 6.2.0
Secure Firewall Management Center
Version 6.2.1

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.