Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-3309

Опубликовано: 06 мая 2020
Источник: nvd
CVSS3: 6.5
CVSS3: 7.2
CVSS2: 9
EPSS Низкий

Описание

A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on as well as modify the underlying operating system of an affected device.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:cisco:firepower_device_manager_on-box:*:*:*:*:*:*:*:*
Версия до 6.2.3 (исключая)

EPSS

Процентиль: 75%
0.00878
Низкий

6.5 Medium

CVSS3

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-20
CWE-787

Связанные уязвимости

github логотип

GHSA-37wp-r5gr-q42h

github
больше 3 лет назад

A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on as well as modify the underlying operating system of an affected device.

fstec логотип

BDU:2020-02525

CVSS3: 7.2
fstec
почти 6 лет назад

Уязвимость программного обеспечения для управления межсетевыми экранами Cisco Firepower Device Manager On-Box, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю перезаписать произвольные файлы в базовой операционной системе уязвимого устройства

EPSS

Процентиль: 75%
0.00878
Низкий

6.5 Medium

CVSS3

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-20
CWE-787