CVE-2020-3557
First published: Wed Oct 21 2020(Updated: )
A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted data stream to the host input daemon of the affected device. A successful exploit could allow the attacker to cause the host input daemon to restart. The attacker could use repeated attacks to cause the daemon to continuously reload, creating a DoS condition for the API.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Management Center | <6.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3557?
CVE-2020-3557 is a vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software.
How does CVE-2020-3557 affect Cisco Firepower Management Center?
CVE-2020-3557 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
What causes CVE-2020-3557?
The vulnerability is due to improper certificate validation.
What is the severity of CVE-2020-3557?
CVE-2020-3557 has a severity rating of medium with a CVSS score of 5.3.
How can I fix CVE-2020-3557?
To fix CVE-2020-3557, users should upgrade to a version of Cisco Firepower Management Center (FMC) Software that is not affected.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/tags
- vendor/cisco
- canonical/cisco firepower management center