CVE-2020-3237

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:iox:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:30

Type Values Removed Values Added
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-file-mVnPqKW9 - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-file-mVnPqKW9 - Vendor Advisory

Information

Published : 2020-06-03 18:15

Updated : 2024-11-21 05:30


NVD link : CVE-2020-3237

Mitre link : CVE-2020-3237

CVE.ORG link : CVE-2020-3237


JSON object : View

Products Affected

cisco

  • iox
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')