CVE-2020-3310
Cisco Firepower Device Manager On-Box Software XML Parsing Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways using a malicious file:
- An attacker with administrative privileges could upload a malicious XML file on the system and cause the XML code to parse the malicious file.
- An attacker with Clientless Secure Sockets Layer (SSL) VPN access could exploit this vulnerability by sending a crafted XML file.

A successful exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system.
SSVC
- Decision: -
Timeline
- 2019-12-12 CVE Reserved
- 2020-05-06 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (1)
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xpftd-gYDXyN8H | 2021-10-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Firepower Device Manager On-box | < 6.2.3 | - | Affected |