Multiple vulnerabilities in Cisco Firepower Device Manager On-Box Software



Published: 2020-05-07
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-3310
CVE-2020-3309
CWE-ID CWE-119
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Cisco Firepower Device Manager On-Box
Client/Desktop applications / Other client software

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU27579

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3310

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote use to compromise the target system.

The vulnerability exists due to insufficient hardening of the XML parser configuration. A remote administrator can use a specially crafted XML file, trigger memory corruption and cause the target system to become unstable or reload.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Firepower Device Manager On-Box: before 6.2.3

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xpftd-gYDXyN8H


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU27580

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3309

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to overwrite arbitrary files on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote administrator can uploading a malicious file and overwrite arbitrary files on as well as modify the underlying operating system of an affected device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Firepower Device Manager On-Box: before 6.2.3

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdmfo-HvPWKxDe


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###