Lucene search

CiscoCVE-2020-3167

HistoryFeb 26, 2020 - 5:15 p.m.

CVE-2020-3167

2020-02-2617:15:12

CWE-78

cisco

web.nvd.nist.gov

cve-2020-3167

cisco

fxos

ucs manager

vulnerability

command execution

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.2%

JSON

A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.

Affected configurations

Nvd

Node

ciscofirepower_threat_defenseRange6.2.2–6.2.3.13

ciscofirepower_threat_defenseRange6.3.0–6.4.0.8

ciscofirepower_threat_defenseRange6.5.0–6.5.0.2

ciscoadaptive_security_appliance_softwareRange9.8–9.9.2.66

ciscoadaptive_security_appliance_softwareRange9.10–9.12.3.6

ciscoadaptive_security_appliance_softwareRange9.13–9.13.1.5

AND

ciscofirepower_1010Match-

ciscofirepower_1120Match-

ciscofirepower_1140Match-

ciscofirepower_1150Match-

ciscofirepower_2110Match-

ciscofirepower_2120Match-

ciscofirepower_2130Match-

ciscofirepower_2140Match-

Node

ciscofirepower_extensible_operating_systemRange<2.4.1.234

AND

ciscofirepower_4110Match-

ciscofirepower_4115Match-

ciscofirepower_4120Match-

ciscofirepower_4125Match-

ciscofirepower_4140Match-

ciscofirepower_4145Match-

ciscofirepower_4150Match-

ciscofirepower_9300Match-

Node

ciscoucs_managerRange<3.2\(3n\)

ciscoucs_managerRange4.0–4.0\(4g\)

AND

ciscoucs_6248upMatch-

ciscoucs_6296upMatch-

ciscoucs_6324Match-

ciscoucs_6332Match-

ciscoucs_6332-16upMatch-

ciscoucs_64108Match-

ciscoucs_6454Match-

VendorProductVersionCPE
ciscofirepower_threat_defense*cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software*cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
ciscofirepower_1010-cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*
ciscofirepower_1120-cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*
ciscofirepower_1140-cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*
ciscofirepower_1150-cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*
ciscofirepower_2110-cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*
ciscofirepower_2120-cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*
ciscofirepower_2130-cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*
ciscofirepower_2140-cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	firepower_threat_defense	*	cpe:2.3:a:cisco:firepower_threat_defense::::::::
cisco	adaptive_security_appliance_software	*	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
cisco	firepower_1010	-	cpe:2.3:h:cisco:firepower_1010:-:::::::*
cisco	firepower_1120	-	cpe:2.3:h:cisco:firepower_1120:-:::::::*
cisco	firepower_1140	-	cpe:2.3:h:cisco:firepower_1140:-:::::::*
cisco	firepower_1150	-	cpe:2.3:h:cisco:firepower_1150:-:::::::*
cisco	firepower_2110	-	cpe:2.3:h:cisco:firepower_2110:-:::::::*
cisco	firepower_2120	-	cpe:2.3:h:cisco:firepower_2120:-:::::::*
cisco	firepower_2130	-	cpe:2.3:h:cisco:firepower_2130:-:::::::*
cisco	firepower_2140	-	cpe:2.3:h:cisco:firepower_2140:-:::::::*

Rows per page:

1-10 of 271

CNA Affected

[
  {
    "product": "Cisco Adaptive Security Appliance (ASA) Software",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cmdinj

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.2%

JSON

Related for CVE-2020-3167