CVE-2020-3476

A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.

CVSS v3 6.0 MEDIUM
CVSS v2.0 3.6 LOW

6.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-file-overwrite-Ynu5PrJD	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-file-overwrite-Ynu5PrJD	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios:16.9:::::::*
	cpe:2.3:o:cisco:ios:16.10.1:::::::*

History

21 Nov 2024, 05:31

Type	Values Removed	Values Added
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-file-overwrite-Ynu5PrJD - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-file-overwrite-Ynu5PrJD - Vendor Advisory

Information

Published : 2020-09-24 18:15

Updated : 2024-11-21 05:31

NVD link : CVE-2020-3476

Mitre link : CVE-2020-3476

CVE.ORG link : CVE-2020-3476

JSON object : View

Products Affected

cisco

ios

CWE

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2020-3476", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.8}]}, "published": "2020-09-24T18:15:19.790", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-file-overwrite-Ynu5PrJD", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-file-overwrite-Ynu5PrJD", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-552"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de un comando espec\u00edfico de la CLI de Cisco IOS XE Software, podr\u00eda permitir a un atacante local autenticado sobrescribir archivos arbitrarios en el sistema de archivos del host subyacente. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de los par\u00e1metros de un comando de la CLI espec\u00edfico. Un atacante podr\u00eda explotar esta vulnerabilidad al emitir ese comando con par\u00e1metros espec\u00edficos. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante sobrescribir el contenido de cualquier archivo arbitrario que resida en el sistema de archivos del host subyacente."}], "lastModified": "2024-11-21T05:31:08.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:16.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB883593-0624-4758-BB62-17697093893F"}, {"criteria": "cpe:2.3:o:cisco:ios:16.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "411F5B98-49C0-44C9-BFF3-C2610F80BE74"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}