What is the severity of CVE-2020-3558?

CVE-2020-3558 is rated as a high-severity vulnerability due to its potential for remote exploitation.

How do I fix CVE-2020-3558?

To fix CVE-2020-3558, you should update Cisco Firepower Management Center to the latest version available that addresses this issue.

Who is affected by CVE-2020-3558?

CVE-2020-3558 affects multiple versions of Cisco Secure Firewall Management Center and Firepower Management Center Software.

What type of attack can be executed using CVE-2020-3558?

An attacker can use CVE-2020-3558 to redirect users to a malicious web page without authentication.

Is authentication required to exploit CVE-2020-3558?

No, CVE-2020-3558 can be exploited by an unauthenticated remote attacker.

Vulnerability/
CVE-2020-3558

medium

6.1

CWE

601 20

21/10/2020

26/11/2024

CVE-2020-3558: Cisco Firepower Management Center Software Open Redirect Vulnerability

First published: Wed Oct 21 2020(Updated: )

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Secure Firewall Management Center	>=6.2.0<=6.2.3.16
Cisco Secure Firewall Management Center	>=6.3.0<=6.3.0.5
Cisco Secure Firewall Management Center	>=6.4.0<=6.4.0.9
Cisco Secure Firewall Management Center	>=6.5.0<=6.5.0.4
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	>=6.2.0<=6.2.3.16
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	>=6.3.0<=6.3.0.5
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	>=6.4.0<=6.4.0.9
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	>=6.5.0<=6.5.0.4

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-redirect-NYDuSEQn

Frequently Asked Questions

What is the severity of CVE-2020-3558?
CVE-2020-3558 is rated as a high-severity vulnerability due to its potential for remote exploitation.
How do I fix CVE-2020-3558?
To fix CVE-2020-3558, you should update Cisco Firepower Management Center to the latest version available that addresses this issue.
Who is affected by CVE-2020-3558?
CVE-2020-3558 affects multiple versions of Cisco Secure Firewall Management Center and Firepower Management Center Software.
What type of attack can be executed using CVE-2020-3558?
An attacker can use CVE-2020-3558 to redirect users to a malicious web page without authentication.
Is authentication required to exploit CVE-2020-3558?
No, CVE-2020-3558 can be exploited by an unauthenticated remote attacker.

agent/type
agent/title
agent/references
agent/weakness
agent/description
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/author
agent/severity
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco secure firewall management center
version/cisco secure firewall management center/6.2.0
version/cisco secure firewall management center/6.2.3.16
version/cisco secure firewall management center/6.3.0
version/cisco secure firewall management center/6.3.0.5
version/cisco secure firewall management center/6.4.0
version/cisco secure firewall management center/6.4.0.9
version/cisco secure firewall management center/6.5.0
version/cisco secure firewall management center/6.5.0.4
canonical/cisco firepower management center (fmc) and firepower threat defense (ftd) software
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.2.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.2.3.16
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.3.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.3.0.5
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.4.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.4.0.9
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.5.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.5.0.4