What is CVE-2020-3457?

CVE-2020-3457 is a vulnerability in the CLI of Cisco FXOS Software that allows an authenticated local attacker to inject arbitrary commands with root privileges.

Which software versions are affected by CVE-2020-3457?

CVE-2020-3457 affects Cisco Firepower Extensible Operating System versions 2.4 to 2.8.

Is Cisco Firepower 9300 Sm-24 vulnerable to CVE-2020-3457?

No, Cisco Firepower 9300 Sm-24 is not vulnerable to CVE-2020-3457.

What is the severity of CVE-2020-3457?

The severity of CVE-2020-3457 is rated as high with a severity value of 6.7.

How can I fix the vulnerability CVE-2020-3457?

To fix CVE-2020-3457, it is recommended to update to a fixed software version provided by Cisco.

Vulnerability/
CVE-2020-3457

high

7.2

CWE

78 20

21/10/2020

13/11/2024

CVE-2020-3457: Cisco FXOS Software Command Injection Vulnerability

First published: Wed Oct 21 2020(Updated: )

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firepower Extensible Operating System	>=2.4<2.4.1.266
Cisco Firepower Extensible Operating System	>=2.6<2.6.1.204
Cisco Firepower Extensible Operating System	>=2.7<2.7.1.131
Cisco Firepower Extensible Operating System	>=2.8<2.8.1.125
Cisco Firepower 4110
Cisco Firepower 4112
Cisco Firepower 4115
Cisco Firepower 4120
Cisco Firepower 4125
Cisco Firepower 4140
Cisco Firepower 4145
Cisco Firepower 4150
Cisco Firepower 9300 Sm-24
Cisco Firepower 9300 Sm-36
Cisco Firepower 9300 Sm-40
Cisco Firepower 9300 Sm-44
Cisco Firepower 9300 Sm-44 X 3
Cisco Firepower 9300 Sm-48
Cisco Firepower 9300 Sm-56
Cisco Firepower 9300 Sm-56 X 3
Cisco Adaptive Security Appliance Software	>=9.8<9.8.4.29
Cisco Adaptive Security Appliance Software	>=9.9<9.9.2.80
Cisco Adaptive Security Appliance Software	>=9.10<9.10.1.40
Cisco Adaptive Security Appliance Software	>=9.12<9.12.4.3
Cisco Adaptive Security Appliance Software	>=9.13<9.13.1.13
Cisco Firepower 1000
Cisco Firepower 1010
Cisco Firepower 1120
Cisco Firepower 1140
Cisco Firepower 1150
Cisco Firepower 2100
Cisco Firepower 2110
Cisco Firepower 2120
Cisco Firepower 2130
Cisco Firepower 2140
Cisco Firepower Threat Defense	>=6.2.2<6.3.0.6
Cisco Firepower Threat Defense	>=6.4.0<6.4.0.9
Cisco Firepower Threat Defense	>=6.5.0<6.5.0.5

Remedy

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-pqZvmXCr

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-pqZvmXCr

Frequently Asked Questions

What is CVE-2020-3457?
CVE-2020-3457 is a vulnerability in the CLI of Cisco FXOS Software that allows an authenticated local attacker to inject arbitrary commands with root privileges.
Which software versions are affected by CVE-2020-3457?
CVE-2020-3457 affects Cisco Firepower Extensible Operating System versions 2.4 to 2.8.
Is Cisco Firepower 9300 Sm-24 vulnerable to CVE-2020-3457?
No, Cisco Firepower 9300 Sm-24 is not vulnerable to CVE-2020-3457.
What is the severity of CVE-2020-3457?
The severity of CVE-2020-3457 is rated as high with a severity value of 6.7.
How can I fix the vulnerability CVE-2020-3457?
To fix CVE-2020-3457, it is recommended to update to a fixed software version provided by Cisco.

collector/nvd-api
collector/nvd-index
agent/weakness
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/severity
agent/title
agent/references
agent/tags
agent/description
agent/event
agent/first-publish-date
vendor/cisco
canonical/cisco firepower extensible operating system
version/cisco firepower extensible operating system/2.4
version/cisco firepower extensible operating system/2.6
version/cisco firepower extensible operating system/2.7
version/cisco firepower extensible operating system/2.8
canonical/cisco firepower 4110
canonical/cisco firepower 4112
canonical/cisco firepower 4115
canonical/cisco firepower 4120
canonical/cisco firepower 4125
canonical/cisco firepower 4140
canonical/cisco firepower 4145
canonical/cisco firepower 4150
canonical/cisco firepower 9300 sm-24
canonical/cisco firepower 9300 sm-36
canonical/cisco firepower 9300 sm-40
canonical/cisco firepower 9300 sm-44
canonical/cisco firepower 9300 sm-44 x 3
canonical/cisco firepower 9300 sm-48
canonical/cisco firepower 9300 sm-56
canonical/cisco firepower 9300 sm-56 x 3
canonical/cisco adaptive security appliance software
version/cisco adaptive security appliance software/9.8
version/cisco adaptive security appliance software/9.9
version/cisco adaptive security appliance software/9.10
version/cisco adaptive security appliance software/9.12
version/cisco adaptive security appliance software/9.13
canonical/cisco firepower 1000
canonical/cisco firepower 1010
canonical/cisco firepower 1120
canonical/cisco firepower 1140
canonical/cisco firepower 1150
canonical/cisco firepower 2100
canonical/cisco firepower 2110
canonical/cisco firepower 2120
canonical/cisco firepower 2130
canonical/cisco firepower 2140
canonical/cisco firepower threat defense
version/cisco firepower threat defense/6.2.2
version/cisco firepower threat defense/6.4.0
version/cisco firepower threat defense/6.5.0