CVE-2020-3477

A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-info-disclosure-V4BmJBNF	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ios:16.3.11:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:2610xm:-:::::::*
	cpe:2.3:h:cisco:2611xm:-:::::::*
	cpe:2.3:h:cisco:2612:-:::::::*
	cpe:2.3:h:cisco:2620xm:-:::::::*
	cpe:2.3:h:cisco:2621xm:-:::::::*
	cpe:2.3:h:cisco:2650xm:-:::::::*
	cpe:2.3:h:cisco:2651xm:-:::::::*
	cpe:2.3:h:cisco:2691:-:::::::*

History

06 Aug 2021, 19:05

Type	Values Removed	Values Added
CWE	~~CWE-20~~	CWE-863

Information

Published : 2020-09-24 18:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-3477

Mitre link : CVE-2020-3477

CVE.ORG link : CVE-2020-3477

JSON object : View

Products Affected

cisco

2691
2611xm
ios
2621xm
2612
2610xm
2650xm
2651xm
2620xm

CWE

CWE-863

Incorrect Authorization

CWE-20

Improper Input Validation

{"id": "CVE-2020-3477", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-09-24T18:15:19.917", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-info-disclosure-V4BmJBNF", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible."}, {"lang": "es", "value": "Una vulnerabilidad en el analizador de la CLI de Cisco IOS Software y Cisco IOS XE Software, podr\u00eda permitir a un atacante local autenticado acceder a archivos desde la flash: filesystem. La vulnerabilidad es debido a una aplicaci\u00f3n insuficiente de restricciones durante la ejecuci\u00f3n de un comando espec\u00edfico. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el uso de un comando espec\u00edfico en la l\u00ednea de comandos. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante conseguir acceso de solo lectura a archivos que est\u00e1n ubicados en la flash: filesystem que de otro modo no podr\u00eda haber sido accesible."}], "lastModified": "2021-08-06T19:05:17.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:16.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAA3919B-5067-4451-9109-3A52C380BCAA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:2610xm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E9B9F16-2D70-4109-999F-6A10D82DD68D"}, {"criteria": "cpe:2.3:h:cisco:2611xm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F77581A8-F334-445E-978C-D57F5135830B"}, {"criteria": "cpe:2.3:h:cisco:2612:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E22D6ADA-DC1D-4916-9039-D0970727DE46"}, {"criteria": "cpe:2.3:h:cisco:2620xm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0CF86B51-A53D-4B3A-89B6-BFF3D40397B6"}, {"criteria": "cpe:2.3:h:cisco:2621xm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "83F5E77F-E325-472B-AD80-98B2C2DBF0AB"}, {"criteria": "cpe:2.3:h:cisco:2650xm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E997D0D5-5436-4E39-8032-F6EA5DA45340"}, {"criteria": "cpe:2.3:h:cisco:2651xm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EF18B92D-D063-4D98-8D59-5AF02443DC4E"}, {"criteria": "cpe:2.3:h:cisco:2691:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F4063DC-7653-4777-B012-C49CCDD0E0B5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}