CVE-2020-3545

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-3545
A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-buffer-cSdmfWUt Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*
History

20 Apr 2023, 15:27

Type Values Removed Values Added
First Time Cisco firepower Extensible Operating System
CPE cpe:2.3:o:cisco:fxos:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*

19 Oct 2021, 19:54

Type Values Removed Values Added
CWE CWE-119 CWE-787
Information

Published : 2020-09-04 03:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-3545

Mitre link : CVE-2020-3545

CVE.ORG link : CVE-2020-3545

JSON object : View

Products Affected

cisco

  • firepower_4112
  • firepower_4150
  • firepower_4120
  • firepower_4110
  • firepower_4145
  • firepower_4125
  • firepower_4140
  • firepower_extensible_operating_system
  • firepower_4115
  • firepower_9300
CWE
CWE-787

Out-of-bounds Write

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer