CVE-2019-12670Improper Access Control in Cisco IOS XE Software 3.2.11asg

CWE-284Improper Access ControlCWE-276Incorrect Default Permissions4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 90.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE Software 3.2.11asgCisco IOS
Timeline
PublishedSep 25
Latest updateMay 24

Description

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the containe

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software_3.2.11asgunspecifiedn/a
NVDcisco/ios16.10.1

🔴Vulnerability Details

2
GHSA
GHSA-g944-pxwm-3499: A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the names2022-05-24
CVEList
Cisco IOS XE Software IOx Guest Shell Namespace Protection Vulnerability2019-09-25

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software IOx Guest Shell Namespace Protection Vulnerability2019-09-25
CVE-2019-12670 — Improper Access Control in Cisco | cvebase