CVE-2020-3457

Published Oct 21, 2020

Last updated a year ago

CVSS medium 6.7

Overview

Description: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78
ykramarz@cisco.com: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F28E6085-8E83-4A6F-9C6A-6B8D5F0BE334",
            "versionEndExcluding": "2.4.1.266",
            "versionStartIncluding": "2.4"
          },
          {
            "criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6DCD71B-89A0-4D38-89F8-DB358145FDA0",
            "versionEndExcluding": "2.6.1.204",
            "versionStartIncluding": "2.6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2E8A64D-C8E2-4030-8616-D47741E43E3A",
            "versionEndExcluding": "2.7.1.131",
            "versionStartIncluding": "2.7"
          },
          {
            "criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C931A1B-3465-4CD6-A62A-BFA0180A917E",
            "versionEndExcluding": "2.8.1.125",
            "versionStartIncluding": "2.8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "957D64EB-D60E-4775-B9A8-B21CA48ED3B1"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-24:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "18048A84-BA0F-48EF-AFFB-635FF7F70C66"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-36:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "317DF3DD-C7CD-4CA2-804F-A738E048BEB4"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C13CF29B-9308-452B-B7E0-9E818B5A6C1E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-44:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6DB527C2-855E-4BB9-BCA7-94BE86100D44"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-44_x_3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E82C1B05-990D-49D2-B80A-C3EDD4082840"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-48:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "421D91C3-8AB3-45E1-9E55-13ED1A4A623E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-56:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2D741945-8B0A-408D-A5FE-D5B38DC6D46A"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-56_x_3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9308CA67-E949-4338-A890-22B3C4428D70"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44064024-9A8B-4443-9AF7-B28CD3C643F0",
            "versionEndExcluding": "9.8.4.29",
            "versionStartIncluding": "9.8"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86B181C5-34C2-4BD5-B012-841B978A26C4",
            "versionEndExcluding": "9.9.2.80",
            "versionStartIncluding": "9.9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CCF1EAA-45F3-4155-B8DA-F34213C911F7",
            "versionEndExcluding": "9.10.1.40",
            "versionStartIncluding": "9.10"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "922DEE7A-F3E4-4DE1-AAB0-71F92C208EA0",
            "versionEndExcluding": "9.12.4.3",
            "versionStartIncluding": "9.12"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F21E8FD7-6BBB-4D7B-B21A-D5D57630800A",
            "versionEndExcluding": "9.13.1.13",
            "versionStartIncluding": "9.13"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E6F79864-CA70-4192-AC2C-E174DF3F25B2"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7FFE3880-4B85-4E23-9836-70875D5109F7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "727A02E8-40A1-4DFE-A3A2-91D628D3044F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "19F6546E-28F4-40DC-97D6-E0E023FE939B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D23A26EF-5B43-437C-A962-4FC69D8A0FF4"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAE7D15F-6771-421C-94A9-89280283DEF8",
            "versionEndExcluding": "6.3.0.6",
            "versionStartIncluding": "6.2.2"
          },
          {
            "criteria": "cpe:2.3:o:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "706422EE-ACF8-46AA-A946-27BA302BD180",
            "versionEndExcluding": "6.4.0.9",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:o:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38DCBF6C-AA34-4A5B-B2B1-57684DD5BB42",
            "versionEndExcluding": "6.5.0.5",
            "versionStartIncluding": "6.5.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E6F79864-CA70-4192-AC2C-E174DF3F25B2"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7FFE3880-4B85-4E23-9836-70875D5109F7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "727A02E8-40A1-4DFE-A3A2-91D628D3044F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "19F6546E-28F4-40DC-97D6-E0E023FE939B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D23A26EF-5B43-437C-A962-4FC69D8A0FF4"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References