Description
A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-infodis-kZxGtUJD
Scores
CVSS v3
7.5
EPSS
0.0055
EPSS Percentile
68.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
CWE-732
Status
published
Products (5)
cisco/secure_firewall_management_center
6.2.3
cisco/secure_firewall_management_center
6.2.3.10
cisco/secure_firewall_management_center
6.3.0
cisco/secure_firewall_management_center
6.4.0
cisco/secure_firewall_management_center
6.5.0
Published
May 06, 2020
Tracked Since
Feb 18, 2026