CVE-2020-3151

A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to escape the restricted shell and execute a set of normally unauthorized commands with the privileges of a non-root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials.

CVSS v3 6.7 MEDIUM
CVSS v2.0 3.6 LOW

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.5 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-rshell-esc-L6hBwjbg	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-rshell-esc-L6hBwjbg	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:connected_mobile_experiences:10.6.0:::::::*
	cpe:2.3:a:cisco:connected_mobile_experiences:10.6.1:::::::*
	cpe:2.3:a:cisco:connected_mobile_experiences:10.6.2:::::::*

History

21 Nov 2024, 05:30

Type	Values Removed	Values Added
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-rshell-esc-L6hBwjbg - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-rshell-esc-L6hBwjbg - Vendor Advisory

Information

Published : 2020-08-26 17:15

Updated : 2024-11-21 05:30

NVD link : CVE-2020-3151

Mitre link : CVE-2020-3151

CVE.ORG link : CVE-2020-3151

JSON object : View

Products Affected

cisco

connected_mobile_experiences

CWE

CWE-287

Improper Authentication

{"id": "CVE-2020-3151", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 0.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 1.5}]}, "published": "2020-08-26T17:15:13.083", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-rshell-esc-L6hBwjbg", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-rshell-esc-L6hBwjbg", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to escape the restricted shell and execute a set of normally unauthorized commands with the privileges of a non-root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials."}, {"lang": "es", "value": "Una vulnerabilidad en la CLI de Cisco Connected Mobile Experiences (CMX) podr\u00eda permitir a un atacante autenticado local con credenciales administrativas omita las restricciones en la CLI. La vulnerabilidad es debido a mecanismos de seguridad insuficientes en la implementaci\u00f3n de shell restringido. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de comandos dise\u00f1ados hacia la CLI. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante escapar el shell restringido y ejecutar un conjunto de comandos normalmente no autorizados con los privilegios de un usuario no root. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales administrativas v\u00e1lidas"}], "lastModified": "2024-11-21T05:30:25.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:10.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46B3BCD8-4F1F-4503-9427-1787B7B5B112"}, {"criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:10.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4548832-9572-4CBF-B77F-1A72ABAF2910"}, {"criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:10.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B8CAC5F-18EF-446B-9A69-A5AB70EA753A"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}