CVE-2020-3166: Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability
First published: Wed Feb 26 2020(Updated: )
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Threat Defense | >=6.2.2<6.2.3.16 | |
| Cisco Firepower Threat Defense | >=6.3.0<6.5.0.3 | |
| Cisco Adaptive Security Appliance Software | >=9.8<9.9.2.66 | |
| Cisco Adaptive Security Appliance Software | >=9.10<9.13.1.5 | |
| Cisco Firepower 1010 | ||
| Cisco Firepower 1120 | ||
| Cisco Firepower 1140 | ||
| Cisco Firepower 1150 | ||
| Cisco Firepower 2110 | ||
| Cisco Firepower 2120 | ||
| Cisco Firepower 2130 | ||
| Cisco Firepower 2140 | ||
| Cisco Firepower Extensible Operating System | <2.2.2.97 | |
| Cisco Firepower Extensible Operating System | >=2.3<2.3.1.155 | |
| Cisco Firepower Extensible Operating System | >=2.4<2.4.1.238 | |
| Cisco Firepower Extensible Operating System | >=2.6<2.6.1.157 | |
| Cisco Firepower 4110 | ||
| Cisco Firepower 4115 | ||
| Cisco Firepower 4120 | ||
| Cisco Firepower 4125 | ||
| Cisco Firepower 4140 | ||
| Cisco Firepower 4145 | ||
| Cisco Firepower 4150 | ||
| Cisco Firepower 9300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3166?
CVE-2020-3166 is a vulnerability in the CLI of Cisco FXOS Software that could allow an authenticated local attacker to read or write arbitrary files on the underlying operating system.
How does CVE-2020-3166 affect Cisco Firepower Threat Defense?
CVE-2020-3166 affects Cisco Firepower Threat Defense versions 6.2.2 to 6.2.3.16 and versions 6.3.0 to 6.5.0.3.
How does CVE-2020-3166 affect Cisco Adaptive Security Appliance Software?
CVE-2020-3166 affects Cisco Adaptive Security Appliance Software versions 9.8 to 9.9.2.66 and versions 9.10 to 9.13.1.5.
What is the severity of CVE-2020-3166?
The severity of CVE-2020-3166 is medium with a CVSS score of 6.7.
How can I fix CVE-2020-3166?
To fix CVE-2020-3166, Cisco has provided software updates that address the vulnerability. Please refer to the Cisco advisory for more information.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco firepower threat defense
- version/cisco firepower threat defense/6.2.2
- version/cisco firepower threat defense/6.3.0
- canonical/cisco adaptive security appliance software
- version/cisco adaptive security appliance software/9.8
- version/cisco adaptive security appliance software/9.10
- canonical/cisco firepower 1010
- canonical/cisco firepower 1120
- canonical/cisco firepower 1140
- canonical/cisco firepower 1150
- canonical/cisco firepower 2110
- canonical/cisco firepower 2120
- canonical/cisco firepower 2130
- canonical/cisco firepower 2140
- canonical/cisco firepower extensible operating system
- version/cisco firepower extensible operating system/2.3
- version/cisco firepower extensible operating system/2.4
- version/cisco firepower extensible operating system/2.6
- canonical/cisco firepower 4110
- canonical/cisco firepower 4115
- canonical/cisco firepower 4120
- canonical/cisco firepower 4125
- canonical/cisco firepower 4140
- canonical/cisco firepower 4145
- canonical/cisco firepower 4150
- canonical/cisco firepower 9300