CVE-2020-3307
Description
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send incorrect information to the system log on the affected system.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.164
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Firepower Management Center Arbitrary Log File Write Vulnerability For Cisco Firepower Management Center Virtual Appliance | NCM |
| Improper Input Validation Vulnerability (CVE-2020-3307) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705938 | Security Update for Cisco Firepower Management Center Virtual Appliance 6.1.0.1 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234