V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsDocs
Back to catalog
BDU:2020-05271
BDU
MediumConfirmedExploit available

Уязвимость интерфейса веб-служб AnyConnect и WebVPN микропрограммного обеспечения межсетевых экранов Cisco Firepower Threat Defense (FTD) и…

CVSS
6.1
Medium
EPSS
0.00
p0
Published
2020-01-01
Updated
2020-01-01
Description

Уязвимость интерфейса веб-служб AnyConnect и WebVPN микропрограммного обеспечения межсетевых экранов Cisco Firepower Threat Defense (FTD) и Cisco Adaptive Security Appliance (ASA) связана с недостаточной защитой структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, осуществить межсайтовую сценарную атаку

Tags · CWE
Pre-auth
Affected products
Cisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Adaptive security applianceCisco systems inc. Firepower threat defenseCisco systems inc. Firepower threat defenseCisco systems inc. Firepower threat defenseCisco systems inc. Firepower threat defense
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Timeline
2020-01-01
Published
2020-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: R
Required (R)
Scope
S: C
Changed (C)
Confidentiality Impact
C: L
Low (L)
Integrity Impact
I: L
Low (L)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
BDU:2020-05271
bdu_exploit · https://bdu.fstec.ru/vul
Enterprise
CVE-2020-3580
github-poc · https://github.com/catatonicprime/CVE-2020-3580
Enterprise
Affected software
ProductVendorStatus
adaptive security appliancecisco systems inc.Tracked
adaptive security appliancecisco systems inc.Tracked
adaptive security appliancecisco systems inc.Tracked
adaptive security appliancecisco systems inc.Tracked
adaptive security appliancecisco systems inc.Tracked
adaptive security appliancecisco systems inc.Tracked
firepower threat defensecisco systems inc.Tracked
firepower threat defensecisco systems inc.Tracked
firepower threat defensecisco systems inc.Tracked
firepower threat defensecisco systems inc.Tracked
Source databases
BDU
Related vulnerabilities
CVE-2020-3580