CVE-2020-3396

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.

CVSS v3 6.8 MEDIUM
CVSS v2.0 6.9 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.8

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-usb-guestshell-WmevScDj	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-usb-guestshell-WmevScDj	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321\/k9-rf_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321\/k9-ws_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321\/k9_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331\/k9-rf_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331\/k9-ws_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331\/k9_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351\/k9-rf_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351\/k9-ws_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351\/k9_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:asr_1000-x:-:::::::*
	cpe:2.3:h:cisco:asr_1001:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*
	cpe:2.3:h:cisco:asr_1023:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24ux:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48un:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9404r:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9407r:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9410r:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-12q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-16x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32qc:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-40x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:::::::*
	cpe:2.3:h:cisco:csr1000v:-:::::::*

History

21 Nov 2024, 05:30

Type	Values Removed	Values Added
CVSS	v2 : ~~6.9~~ v3 : ~~7.2~~	v2 : 6.9 v3 : 6.8
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-usb-guestshell-WmevScDj - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-usb-guestshell-WmevScDj - Vendor Advisory

23 May 2023, 13:55

Type	Values Removed	Values Added
CPE	cpe:2.3:h:cisco:isr4331\/k9:-:::::::* cpe:2.3:h:cisco:isr4321\/k9:-:::::::* cpe:2.3:h:cisco:isr4351\/k9:-:::::::* cpe:2.3:h:cisco:isr4351\/k9-ws:-:::::::* cpe:2.3:h:cisco:isr1100-4gltena:-:::::::* cpe:2.3:h:cisco:isr1100-lte:-:::::::* cpe:2.3:h:cisco:isr1100:-:::::::* cpe:2.3:h:cisco:isr1100-6g:-:::::::* cpe:2.3:h:cisco:isr4331\/k9-ws:-:::::::* cpe:2.3:h:cisco:isr4331\/k9-rf:-:::::::* cpe:2.3:h:cisco:isr4321\/k9-ws:-:::::::* cpe:2.3:h:cisco:isr1100-4g:-:::::::* cpe:2.3:h:cisco:isr1100-4gltegb:-:::::::* cpe:2.3:h:cisco:isr4321\/k9-rf:-:::::::* cpe:2.3:h:cisco:isr4351\/k9-rf:-:::::::*	cpe:2.3:h:cisco:4351\/k9-ws_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4321\/k9-rf_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4331\/k9-ws_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4321\/k9_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4351\/k9_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4331\/k9_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4331\/k9-rf_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4351\/k9-rf_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4321\/k9-ws_integrated_services_router:-:::::::*

Information

Published : 2020-09-24 18:15

Updated : 2024-11-21 05:30

NVD link : CVE-2020-3396

Mitre link : CVE-2020-3396

CVE.ORG link : CVE-2020-3396

JSON object : View

Products Affected

cisco

catalyst_c9300-24s
1100-4gltena_integrated_services_router
asr_1002-x
catalyst_c9300l-24p-4x
4321\/k9_integrated_services_router
catalyst_c9500-32qc
4331\/k9_integrated_services_router
1100-4gltegb_integrated_services_router
4351\/k9-rf_integrated_services_router
catalyst_c9300-24u
catalyst_c9410r
catalyst_c9500-16x
catalyst_c9407r
1100_integrated_services_router
4351\/k9-ws_integrated_services_router
ios_xe
asr_1002
catalyst_c9300-48un
catalyst_c9300-48s
asr_1004
4321\/k9-ws_integrated_services_router
catalyst_c9300-48t
catalyst_c9300l-48p-4x
catalyst_c9300-24p
catalyst_c9300l-24t-4x
catalyst_c9300l-48p-4g
asr_1001-x
asr_1023
catalyst_c9500-32c
1100-lte_integrated_services_router
catalyst_c9300-48u
catalyst_c9300l-24t-4g
4321\/k9-rf_integrated_services_router
asr_1013
catalyst_c9500-12q
4331\/k9-rf_integrated_services_router
catalyst_c9300-48uxm
catalyst_c9500-48y4c
asr_1006
catalyst_c9300-24ux
asr_1000-x
catalyst_c9404r
catalyst_c9500-24y4c
asr_1001
catalyst_c9300l-24p-4g
catalyst_c9500-40x
csr1000v
4351\/k9_integrated_services_router
1100-6g_integrated_services_router
catalyst_c9500-24q
1100-4g_integrated_services_router
catalyst_c9300l-48t-4g
4331\/k9-ws_integrated_services_router
catalyst_c9300-24t
catalyst_c9300l-48t-4x
catalyst_c9300-48p

CWE

CWE-284

Improper Access Control

CWE-269

Improper Privilege Management

6.8 /10