A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific steps that make the hidden commands accessible. A successful exploit could allow the attacker to make configuration changes to various sections of an affected device that should not be exposed to CLI access.
Published 2020-10-21 19:15:16
Updated 2020-10-23 17:59:45
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-3352

0.04%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-3352

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
1.9
LOW AV:L/AC:M/Au:N/C:N/I:P/A:N
3.4
2.9
NIST
5.3
MEDIUM CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1.8
3.4
Cisco Systems, Inc.
5.5
MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1.8
3.6
NIST

CWE ids for CVE-2020-3352

  • The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
    Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2020-3352

Products affected by CVE-2020-3352

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!