VDB

CVE-2020-3457

CVE-2020-3457 PUBLISHED CVSS 6.699999809265137 MEDIUM

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

EPSS 0.15% · 35.5th percentile

Risk Scores

CVSS 3.0
6.699999809265137
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.15%
35.5th percentile

Affected Products

VendorProductVersions
ciscofirepower_threat_defense6.5.0, 6.4.0, 6.2.2
CiscoCisco Adaptive Security Appliance (ASA) Softwaren/a
ciscofirepower_extensible_operating_system2.6, 2.4, 2.8
ciscoadaptive_security_appliance_software9.10, 9.13, 9.12

Timeline

  • Oct 21, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›