CVE-2020-3312

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The issue is due to insufficient application identification and inadequate access control. An attacker could exploit this by sending crafted traffic to an affected device, potentially allowing them to gain unauthorized read access to sensitive data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-732

Related Identifiers

BDU:2020-02517

CVE-2020-3312

Affected Products

Cisco Ftd

CVE-2020-3312

Weakness Enumeration

Related Identifiers

Affected Products

References · 4