CVE-2020-3237
published 2020-06-03
CVE-2020-3237: A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite…
Priority P432 medium 6.3 CVSS 3.1
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
EPSS: 0.35% (27.0th percentile)
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_iox | — | — |
| cisco | iox | < 1.9.0 | 1.9.0 |
| cisco | iox_application_framework | — | — |
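CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L |
| nvd | v3.0 | 6.3 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 6.3 | MEDIUM | — |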
Cisco
Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability
vendor_cisco·2020-06-03·CVSS 6.3
CVE-2020-3237 [MEDIUM] CWE-59 Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
Cisco
Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability
vendor_cisco·CVSS 3.0
CVE-2020-3237 Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability
CVE-2020-3237: Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-59
Bug IDs: CSCvr30027
GHSA
GHSA-wpf6-xqrg-67f3: A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to
ghsa_unreviewed·2022-05-24
CVE-2020-3237 [MEDIUM] CWE-59 GHSA-wpf6-xqrg-67f3: A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-06-03
Published