CVE-2020-3186
Cisco Firepower Threat Defense Software Management Access List Bypass Vulnerability
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. The vulnerability is due to the configuration of different management access lists, with ports allowed in one access list and denied in another. An attacker could exploit this vulnerability by sending crafted remote management traffic to the local IP address of an affected system. A successful exploit could allow the attacker to bypass the configured management access list policies, and traffic to the management interface would not be properly denied.
Una vulnerabilidad en la configuración de listas de acceso de administración del Cisco Firepower Threat Defense (FTD) Software, podría permitir a un atacante remoto no autenticado omitir una lista de acceso de la interfaz de administración configurada sobre un sistema afectado. La vulnerabilidad es debido a la configuración de diferentes listas de acceso de administración, con puertos permitidos en una lista de acceso y denegados en otra. Un atacante podría explotar esta vulnerabilidad mediante el envío de tráfico de administración remota diseñado hacia la dirección IP local de un sistema afectado. Una explotación con éxito podría permitir a un atacante omitir las políticas configuradas de la lista de acceso de administración, y el tráfico a la interfaz de administración no sería denegado apropiadamente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-12 CVE Reserved
- 2020-05-06 CVE Published
- 2023-03-07 EPSS Updated
- 2024-11-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Asa 5505 Firmware Search vendor "Cisco" for product "Asa 5505 Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5505 Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5505 Search vendor "Cisco" for product "Asa 5505" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5505 Firmware Search vendor "Cisco" for product "Asa 5505 Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5505 Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5505 Search vendor "Cisco" for product "Asa 5505" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5510 Firmware Search vendor "Cisco" for product "Asa 5510 Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5510 Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5510 Search vendor "Cisco" for product "Asa 5510" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5510 Firmware Search vendor "Cisco" for product "Asa 5510 Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5510 Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5510 Search vendor "Cisco" for product "Asa 5510" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5512-x Firmware Search vendor "Cisco" for product "Asa 5512-x Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5512-x Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5512-x Search vendor "Cisco" for product "Asa 5512-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5512-x Firmware Search vendor "Cisco" for product "Asa 5512-x Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5512-x Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5512-x Search vendor "Cisco" for product "Asa 5512-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5515-x Firmware Search vendor "Cisco" for product "Asa 5515-x Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5515-x Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5515-x Search vendor "Cisco" for product "Asa 5515-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5515-x Firmware Search vendor "Cisco" for product "Asa 5515-x Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5515-x Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5515-x Search vendor "Cisco" for product "Asa 5515-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5520 Firmware Search vendor "Cisco" for product "Asa 5520 Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5520 Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5520 Search vendor "Cisco" for product "Asa 5520" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5520 Firmware Search vendor "Cisco" for product "Asa 5520 Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5520 Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5520 Search vendor "Cisco" for product "Asa 5520" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5525-x Firmware Search vendor "Cisco" for product "Asa 5525-x Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5525-x Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5525-x Search vendor "Cisco" for product "Asa 5525-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5525-x Firmware Search vendor "Cisco" for product "Asa 5525-x Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5525-x Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5525-x Search vendor "Cisco" for product "Asa 5525-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5540 Firmware Search vendor "Cisco" for product "Asa 5540 Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5540 Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5540 Search vendor "Cisco" for product "Asa 5540" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5540 Firmware Search vendor "Cisco" for product "Asa 5540 Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5540 Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5540 Search vendor "Cisco" for product "Asa 5540" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5545-x Firmware Search vendor "Cisco" for product "Asa 5545-x Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5545-x Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5545-x Search vendor "Cisco" for product "Asa 5545-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5545-x Firmware Search vendor "Cisco" for product "Asa 5545-x Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5545-x Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5545-x Search vendor "Cisco" for product "Asa 5545-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5550 Firmware Search vendor "Cisco" for product "Asa 5550 Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5550 Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5550 Search vendor "Cisco" for product "Asa 5550" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5550 Firmware Search vendor "Cisco" for product "Asa 5550 Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5550 Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5550 Search vendor "Cisco" for product "Asa 5550" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5555-x Firmware Search vendor "Cisco" for product "Asa 5555-x Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5555-x Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5555-x Search vendor "Cisco" for product "Asa 5555-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5555-x Firmware Search vendor "Cisco" for product "Asa 5555-x Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5555-x Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5555-x Search vendor "Cisco" for product "Asa 5555-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5580 Firmware Search vendor "Cisco" for product "Asa 5580 Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5580 Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5580 Search vendor "Cisco" for product "Asa 5580" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5580 Firmware Search vendor "Cisco" for product "Asa 5580 Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5580 Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5580 Search vendor "Cisco" for product "Asa 5580" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5585-x Firmware Search vendor "Cisco" for product "Asa 5585-x Firmware" | 9.12\(1.6\) Search vendor "Cisco" for product "Asa 5585-x Firmware" and version "9.12\(1.6\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5585-x Search vendor "Cisco" for product "Asa 5585-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Asa 5585-x Firmware Search vendor "Cisco" for product "Asa 5585-x Firmware" | 201.5\(23.16\) Search vendor "Cisco" for product "Asa 5585-x Firmware" and version "201.5\(23.16\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5585-x Search vendor "Cisco" for product "Asa 5585-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.3.0 < 6.3.0.6 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.3.0 < 6.3.0.6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.4.0 < 6.4.0.7 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.4.0 < 6.4.0.7" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.5.0 < 6.5.0.2 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.5.0 < 6.5.0.2" | - |
Affected
| ||||||