admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-35xx/CVE-2020-3550.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

191 lines
7.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-3550",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2020-10-21T19:15:17.217",
"lastModified": "2020-10-30T13:29:20.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el demonio sfmgr de Cisco Firepower Management Center (FMC) Software y Cisco Firepower Threat Defense (FTD) Software, podr\u00eda permitir a un atacante remoto autenticado llevar a cabo un salto de directorio y acceder a directorios fuera de la ruta restringida. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el uso de una ruta relativa en comandos sfmgr espec\u00edficos. Una explotaci\u00f3n podr\u00eda permitir a un atacante leer o escribir archivos arbitrarios en un dispositivo peer conectado a sftunnel"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0.1",
"matchCriteriaId": "F74A789B-7017-4BA0-B57F-BADA67D3F2FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndExcluding": "6.3.0.6",
"matchCriteriaId": "7E57B5EF-7DB7-49B0-8883-2ABB1384DE4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.0.10",
"matchCriteriaId": "10FCBC75-2799-4F5E-B210-0B6976AC9E0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9641FE9B-BC9F-472F-B53B-F4287EE2F17A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1895BC03-A0B4-4AE8-8EB5-DAFC913E4B2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0.1",
"matchCriteriaId": "AD83F585-B278-44C6-92AE-5B1CF434B17D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndExcluding": "6.3.0.6",
"matchCriteriaId": "9D27DE97-510A-4761-8184-6940745B54E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.0.10",
"matchCriteriaId": "53C69C8B-5A19-4613-8861-683CF21806B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC52A8B-7DF4-47B2-9F49-627F59656E5E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD48BE40-C647-429A-81B6-59E125BBE415"
}
]
}
]
}
],
"references": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dirtrav-NW8XcuSB",
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink