PT-2020-2514 · Cisco · Cisco Firepower Device Manager (Fdm) On-Box

Published

2020-05-06

Updated

2020-05-12

CVE-2020-3309

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Firepower Device Manager (FDM) On-Box software (affected versions not specified)

Description A vulnerability exists due to improper input validation, allowing an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device by uploading a malicious file. This could also enable the attacker to modify the underlying operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-20

Related Identifiers

BDU:2020-02525

CVE-2020-3309

Affected Products

Cisco Firepower Device Manager (Fdm) On-Box

PT-2020-2514 · Cisco · Cisco Firepower Device Manager (Fdm) On-Box

CVE-2020-3309

Weakness Enumeration

Related Identifiers

Affected Products

References · 4