Cisco Firepower Management Center Software Common Access Card Authentication Bypass (cisco-sa-fmc-cacauthbyp-NCLGZm3Q)

high Nessus Plugin ID 152390

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco Firepower Management Center is affected by a vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The vulnerability is due to incorrect session invalidation during CAC authentication. An attacker could exploit this vulnerability by performing a CAC-based authentication attempt to an affected system. A successful exploit could allow the attacker to access an affected system with the privileges of a CAC-authenticated user who is currently logged in.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvv16245

See Also

http://www.nessus.org/u?41bc9847

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv16245

Plugin Details

Severity: High

ID: 152390

File Name: cisco-sa-fmc-cacauthbyp-NCLGZm3Q.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 8/10/2021

Updated: 3/31/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-3410

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:firepower_management_center

Required KB Items: Host/Cisco/firepower_mc/version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/21/2020

Vulnerability Publication Date: 10/21/2020

Reference Information

CVE: CVE-2020-3410

CWE: 287

CISCO-SA: cisco-sa-fmc-cacauthbyp-NCLGZm3Q

IAVA: 2020-A-0488-S

CISCO-BUG-ID: CSCvv16245