PT-2020-5099 · Cisco · Cisco Firepower Management Center+1

Published: 2020-10-21 · Updated: 2024-11-26 · CVE-2020-3550

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Firepower Management Center (FMC) Software (affected versions not specified)
Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description

A vulnerability in the sfmgr daemon could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands, potentially allowing them to read or write arbitrary files on an sftunnel-connected peer device.

Recommendations

For Cisco Firepower Management Center (FMC) Software, update to a version that addresses the directory traversal issue in the sfmgr daemon. For Cisco Firepower Threat Defense (FTD) Software, update to a version that addresses the directory traversal issue in the sfmgr daemon. As a temporary workaround, consider restricting access to the sfmgr daemon and limiting the use of relative paths in sfmgr commands until a patch is available.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2020-05692
CVE-2020-3550

Affected Products

Cisco Firepower Management Center
Cisco FTD