CVE-2020-3477

A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:ios:16.3.11:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:2610xm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2611xm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2612:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2620xm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2621xm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2650xm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2651xm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2691:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-09-24 18:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-3477

Mitre link : CVE-2020-3477

CVE.ORG link : CVE-2020-3477


JSON object : View

Products Affected

cisco

  • 2691
  • ios
  • 2611xm
  • 2651xm
  • 2612
  • 2610xm
  • 2620xm
  • 2621xm
  • 2650xm
CWE
CWE-863

Incorrect Authorization

CWE-20

Improper Input Validation