What is the severity of CVE-2020-3550?

CVE-2020-3550 has a medium severity score, which indicates a moderate risk for exploitation.

What systems are affected by CVE-2020-3550?

CVE-2020-3550 affects multiple versions of Cisco Firepower Management Center Software, Cisco Firepower Threat Defense, and Cisco Secure Firewall Management Center.

How do I fix CVE-2020-3550?

To mitigate CVE-2020-3550, upgrade to the latest available software version provided by Cisco.

What type of attack can exploit CVE-2020-3550?

CVE-2020-3550 can be exploited by an authenticated, remote attacker to perform directory traversal attacks.

Is authentication required to exploit CVE-2020-3550?

Yes, an attacker must be authenticated to exploit CVE-2020-3550.

Vulnerability/
CVE-2020-3550

high

8.1

CWE

22 20

21/10/2020

26/11/2024

CVE-2020-3550: Cisco Firepower Management Center Software and Firepower Threat Defense Software Directory Traversal Vulnerability

First published: Wed Oct 21 2020(Updated: )

A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	<=6.0.1
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	>=6.3.0<6.3.0.6
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	>=6.4.0<6.4.0.10
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=6.2.0
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=6.2.1
Cisco Secure Firewall Threat Defense	<=6.0.1
Cisco Secure Firewall Threat Defense	>=6.3.0<6.3.0.6
Cisco Secure Firewall Threat Defense	>=6.4.0<6.4.0.10
Cisco Secure Firewall Threat Defense	=6.2.0
Cisco Secure Firewall Threat Defense	=6.2.1
Cisco Secure Firewall Management Center	<=6.0.1
Cisco Secure Firewall Management Center	>=6.3.0<6.3.0.6
Cisco Secure Firewall Management Center	>=6.4.0<6.4.0.10
Cisco Secure Firewall Management Center	=6.2.0
Cisco Secure Firewall Management Center	=6.2.1

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dirtrav-NW8XcuSB

Frequently Asked Questions

What is the severity of CVE-2020-3550?
CVE-2020-3550 has a medium severity score, which indicates a moderate risk for exploitation.
What systems are affected by CVE-2020-3550?
CVE-2020-3550 affects multiple versions of Cisco Firepower Management Center Software, Cisco Firepower Threat Defense, and Cisco Secure Firewall Management Center.
How do I fix CVE-2020-3550?
To mitigate CVE-2020-3550, upgrade to the latest available software version provided by Cisco.
What type of attack can exploit CVE-2020-3550?
CVE-2020-3550 can be exploited by an authenticated, remote attacker to perform directory traversal attacks.
Is authentication required to exploit CVE-2020-3550?
Yes, an attacker must be authenticated to exploit CVE-2020-3550.

agent/weakness
agent/type
agent/severity
agent/title
agent/references
agent/description
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/cisco
canonical/cisco firepower management center (fmc) and firepower threat defense (ftd) software
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.0.1
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.3.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.4.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.2.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.2.1
canonical/cisco secure firewall threat defense
version/cisco secure firewall threat defense/6.0.1
version/cisco secure firewall threat defense/6.3.0
version/cisco secure firewall threat defense/6.4.0
version/cisco secure firewall threat defense/6.2.0
version/cisco secure firewall threat defense/6.2.1
canonical/cisco secure firewall management center
version/cisco secure firewall management center/6.0.1
version/cisco secure firewall management center/6.3.0
version/cisco secure firewall management center/6.4.0
version/cisco secure firewall management center/6.2.0
version/cisco secure firewall management center/6.2.1