CVE-2020-3410 HIGH

CVE-2020-3410: Cisco Firepower Management Center Software Common Access Card Authentication Bypass Vulnerability

Vendor Cisco
Product Cisco Firepower Management Center
Weakness CWE-287 · Improper authentication
Published October 21, 2020
Last update November 13, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The vulnerability is due to incorrect session invalidation during CAC authentication. An attacker could exploit this vulnerability by performing a CAC-based authentication attempt to an affected system. A successful exploit could allow the attacker to access an affected system with the privileges of a CAC-authenticated user who is currently logged in.

Key dates

02 Disclosure timeline

October 21, 2020 CVE published
November 13, 2024 Record updated