CVE-2020-3565

Description

A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Polices on an affected system. The vulnerability exists because TCP Intercept is invoked when the embryonic connection limit is reached, which can cause the underlying detection engine to process the packet incorrectly. An attacker could exploit this vulnerability by sending a crafted stream of traffic that matches a policy on which TCP Intercept is configured. A successful exploit could allow the attacker to match on an incorrect policy, which could allow the traffic to be forwarded when it should be dropped. In addition, the traffic could incorrectly be dropped.

Risk Information

Base Score

5.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS Score

Exploitation Probability

0.199

Associated Vulnerability

Vulnerability	OS Platform
Cisco Firepower Threat Defense Software TCP Intercept Bypass Vulnerability For Cisco Firepower Threat Defense Software	NCM
Improper Authentication Vulnerability (CVE-2020-3565)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706067	Security Update for Cisco Firepower Threat Defense Software Gibraltar-16.12.5

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234