1. Home
  2. CVE Database
  3. CVE-2020-3352
MEDIUM · 5.5

CVE-2020-3352

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocume...

Vulnerability Description

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific steps that make the hidden commands accessible. A successful exploit could allow the attacker to make configuration changes to various sections of an affected device that should not be exposed to CLI access.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
CiscoFirepower Threat Defense< 6.3.0.6

Related Weaknesses (CWE)

CWE-912

References

FAQ

What is CVE-2020-3352?

CVE-2020-3352 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocume...

How severe is CVE-2020-3352?

CVE-2020-3352 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3352?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Firepower Threat Defense.