CVE-2020-3236

CWE-22Path Traversal4 documents4 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 85.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Enterprise Network Function Virtualization InfrastructureCisco Cisco Enterprise NFV Infrastructure Software
Timeline
PublishedJun 18
Latest updateMay 24

Description

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using path traversal techniques when executing a vulnerable command. A successful exp

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-hg4p-q65f-q54v: A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell acc2022-05-24
CVEList
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability2020-06-18

📋Vendor Advisories

1
Cisco
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability2020-06-17
CVE-2020-3236 (MEDIUM CVSS 6.7) | A vulnerability in the CLI of Cisco | cvebase.io