CVE-2020-3223

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system's filesystem.

CVSS v3 4.9 MEDIUM
CVSS v2.0 6.8 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:C/I:N/A:N

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-filerd-HngnDYGk	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios_xe:16.9.4:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.4c:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.1b:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.1c:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1c:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1t:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1w:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1y:::::::*

History

No history.

Information

Published : 2020-06-03 18:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-3223

Mitre link : CVE-2020-3223

CVE.ORG link : CVE-2020-3223

JSON object : View

Products Affected

cisco

ios_xe

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2020-3223", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2020-06-03T18:15:20.357", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-filerd-HngnDYGk", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system's filesystem."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de usuario basada en web (IU web) de Cisco IOS XE Software, podr\u00eda permitir a un atacante remoto autenticado con privilegios administrativos leer archivos arbitrarios en el sistema de archivos subyacente del dispositivo. La vulnerabilidad es debido a una limitaci\u00f3n insuficiente del alcance del archivo. Un atacante podr\u00eda explotar esta vulnerabilidad al crear una referencia de archivo espec\u00edfica en el sistema de archivos y luego acceder a ella por medio de la Interfaz de Usuario web. Una explotaci\u00f3n podr\u00eda permitir al atacante leer archivos arbitrarios del sistema de archivos del sistema operativo subyacente."}], "lastModified": "2020-06-09T17:42:41.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4BF9829-F80E-4837-A420-39B291C4E17B"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.4c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D07F9539-CFBE-46F7-9F5E-93A68169797D"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "314C7763-A64D-4023-9F3F-9A821AE4151F"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5820D71D-FC93-45AA-BC58-A26A1A39C936"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC1C85DD-69CC-4AA8-B219-651D57FC3506"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B53E377A-0296-4D7A-B97C-576B0026543D"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD98C9E8-3EA6-4160-970D-37C389576516"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7745ED34-D59D-49CC-B174-96BCA03B3374"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1w:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19AF4CF3-6E79-4EA3-974D-CD451A192BA9"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1y:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93B96E01-3777-4C33-9225-577B469A6CE5"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}