CVE-2020-3352 MEDIUM

CVE-2020-3352: Cisco Firepower Threat Defense Software Hidden Commands Vulnerability

Vendor Cisco
Product Cisco Firepower Threat Defense Software
Weakness CWE-912
Published October 21, 2020
Last update November 13, 2024

CVSS base score

5.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific steps that make the hidden commands accessible. A successful exploit could allow the attacker to make configuration changes to various sections of an affected device that should not be exposed to CLI access.

Key dates

02Disclosure timeline

October 21, 2020 CVE published
November 13, 2024 Record updated