Lucene search

[email protected]CVE-2020-3578

HistoryOct 21, 2020 - 7:15 p.m.

CVE-2020-3578

2020-10-2119:15:18

CWE-863

[email protected]

web.nvd.nist.gov

cisco

asa

ftd

software

vulnerability

cve-2020-3578

webvpn

remote access

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. The vulnerability is due to insufficient validation of URLs when portal access rules are configured. An attacker could exploit this vulnerability by accessing certain URLs on the affected device.

Affected configurations

NVD

Node

ciscofirepower_threat_defenseRange<6.3.0.6

ciscofirepower_threat_defenseRange6.4.0–6.4.0.10

ciscofirepower_threat_defenseRange6.5.0–6.5.0.5

ciscofirepower_threat_defenseRange6.6.0–6.6.1

Node

ciscoadaptive_security_appliance_softwareRange<9.6.4.45

ciscoadaptive_security_appliance_softwareRange9.7–9.8.4.26

ciscoadaptive_security_appliance_softwareRange9.9–9.9.2.80

ciscoadaptive_security_appliance_softwareRange9.10–9.10.1.44

ciscoadaptive_security_appliance_softwareRange9.12–9.12.4.4

ciscoadaptive_security_appliance_softwareRange9.13–9.13.1.13

ciscoadaptive_security_appliance_softwareRange9.14–9.14.1.19

CPENameOperatorVersion
cisco:firepower_threat_defensecisco firepower threat defenselt6.3.0.6
cisco:firepower_threat_defensecisco firepower threat defenselt6.4.0.10
cisco:firepower_threat_defensecisco firepower threat defenselt6.5.0.5
cisco:firepower_threat_defensecisco firepower threat defenselt6.6.1

CPE	Name	Operator	Version
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.3.0.6
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.4.0.10
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.5.0.5
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.6.1

CNA Affected

[
  {
    "product": "Cisco Adaptive Security Appliance (ASA) Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-P73ABNWQ

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON

Related for CVE-2020-3578

nessus2 prion1 cvelist1 nvd1 cisco1