Vulnerabilities > CVE-2020-3186 - Unspecified vulnerability in Cisco products

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
cisco
nessus

Summary

A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. The vulnerability is due to the configuration of different management access lists, with ports allowed in one access list and denied in another. An attacker could exploit this vulnerability by sending crafted remote management traffic to the local IP address of an affected system. A successful exploit could allow the attacker to bypass the configured management access list policies, and traffic to the management interface would not be properly denied.

Vulnerable Configurations

Part Description Count
Application
Cisco
15
OS
Cisco
24
Hardware
Cisco
12

Nessus

NASL familyCISCO
NASL idCISCO-SA-FTD-ACCESSLIST-BYPASS-5DZS5QZP.NASL
descriptionAccording to its version and configuration, the Cisco Firepower Threat Defense (FTD) Software running on the remote device is affected by vulnerability, where an unauthenticated attacker could bypass a configured management interface access list on an affected system. The vulnerability is due to the configuration of different management access lists, one with ports allowed and denied in another. An attacker could exploit this vulnerability by sending crafted remote management traffic to the local IP address of an affected system. A successful exploit could allow the attacker to bypass the configured management access list policies, and traffic to the management interface would not be properly denied.
last seen2020-05-31
modified2020-05-19
plugin id136700
published2020-05-19
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/136700
titleCisco Firepower Threat Defense Software Management Access List Bypass Vulnerability (cisco-sa-ftd-accesslist-bypass-5dZs5qZp)
code
#TRUSTED 96b000082f13eddcba6c8ecc675c08b6e6009e4cdb40f22743fadbc9f291c8a95d377cb53b54837d45fc47eb0382a5e5f8cf84551e6a7cd7de2c82f96648165c496fb53673c537eaf1a533d89d1c559b19d0066d7c8b093acf12703a24f1cc6471ffc778e142595c8031dfff80034b38bcedff8a9eea0d9ecfdfc5977e85ec6466ce5060f13565e920a5e8e22a57b9345e480aa0e8124c8fb9036c8e01733926bc4c6dac9d819c09b0aad98c56e6de77be6c4e9bdcfbf753ec0fe4d0707d2eed3b0f315990828eee11cbfb0463317426c34b7af2770d3758eef84dea556a279e76447911ab3b1b1c687f1eea4dae3ad66b34c47983d7f2cb4e6bfe5ef980a41b9e55d4237ee50ac789c00ff175f54f9303898932b179141740d2de044e67a6a4fcf3c706cbf772afe35f5d1ad9ca4be631716bf5c496d1068dd4ceaf4ac807a36caf304f8ca2af96cb658bbb0cf7d05e243dfa45950e796bb264607285d18219436dc9f7820c6de719d61106c2d96532ced84102e6a9a8ec0f8e516204a40b94990641cb7d95fb906ff19a31208962c61d871a19c508ac21050a8d516c731521f65d6c57b1cd4cae9447ab27e3b9d016e1151abd38d1c44b7d5eee2d4bdcdf0d5649f83f5b3b377f319a809371efc370c275f82818eb5e399c6db64e5890450cd4e0b8464d2965ad921197409f4a428301ac5e9fc438f64d520026be79345425
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136700);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/27");

  script_cve_id("CVE-2020-3186");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvr13823");
  script_xref(name:"CISCO-SA", value:"cisco-sa-ftd-accesslist-bypass-5dZs5qZp");
  script_xref(name:"IAVA", value:"2020-A-0205");

  script_name(english:"Cisco Firepower Threat Defense Software Management Access List Bypass Vulnerability (cisco-sa-ftd-accesslist-bypass-5dZs5qZp)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its version and configuration, the Cisco Firepower Threat Defense (FTD) Software
running on the remote device is affected by vulnerability, where an unauthenticated attacker could bypass a configured
management interface access list on an affected system. The vulnerability is due to the configuration of different 
management access lists, one with ports allowed and denied in another. An attacker could exploit this vulnerability 
by sending crafted remote management traffic to the local IP address of an affected system. A successful exploit could 
allow the attacker to bypass the configured management access list policies, and traffic to the management interface 
would not be properly denied.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-accesslist-bypass-5dZs5qZp
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?122de846");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr13823");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvr13823");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3186");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(284);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:firepower_threat_defense");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_asa_firepower_version.nasl", "cisco_enumerate_firepower.nbin");
  script_require_keys("installed_sw/Cisco Firepower Threat Defense");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco Firepower Threat Defense');

vuln_ranges = [
  {'min_ver' : '6.3.0', 'fix_ver' : '6.3.0.6'},
  {'min_ver' : '6.4.0', 'fix_ver' : '6.4.0.7'},
  {'min_ver' : '6.5.0', 'fix_ver' : '6.5.0.2'}
];
workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_WARNING,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvr13823'
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_ranges:vuln_ranges
);