CVE-2020-3476Files or Directories Accessible to External Parties in Cisco IOS XE Software

CWE-552Files or Directories Accessible to External Parties4 documents4 sources
Severity
6.0MEDIUMNVD
EPSS
0.1%
top 80.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS
Timeline
PublishedSep 24
Latest updateMay 24

Description

A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages2 packages

NVDcisco/ios16.10.1, 16.9+1

🔴Vulnerability Details

2
GHSA
GHSA-wmmw-33p5-2c6j: A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arb2022-05-24
CVEList
Cisco IOS XE Software Arbitrary File Overwrite Vulnerability2020-09-24

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Arbitrary File Overwrite Vulnerability2020-09-24
CVE-2020-3476 — Cisco IOS XE Software vulnerability | cvebase