Lucene search

[email protected]CVE-2020-3503

HistorySep 24, 2020 - 6:15 p.m.

CVE-2020-3503

2020-09-2418:15:20

CWE-284

CWE-732

[email protected]

web.nvd.nist.gov

cisco

ios xe software

vulnerability

file system permissions

cve-2020-3503

nvd

information security

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device’s guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators.

Affected configurations

NVD

Node

ciscoios_xeMatch16.12.1

AND

cisco1100-4g_integrated_services_routerMatch-

cisco1100-4gltegb_integrated_services_routerMatch-

cisco1100-4gltena_integrated_services_routerMatch-

cisco1100-4p_integrated_services_routerMatch-

cisco1100-6g_integrated_services_routerMatch-

cisco1100-8p_integrated_services_routerMatch-

cisco1100-lte_integrated_services_routerMatch-

cisco1100_integrated_services_routerMatch-

cisco1101-4p_integrated_services_routerMatch-

cisco1101_integrated_services_routerMatch-

cisco1109-2p_integrated_services_routerMatch-

cisco1109-4p_integrated_services_routerMatch-

cisco1109_integrated_services_routerMatch-

cisco1111x-8p_integrated_services_routerMatch-

cisco1111x_integrated_services_routerMatch-

cisco111x_integrated_services_routerMatch-

cisco1120_integrated_services_routerMatch-

cisco1160_integrated_services_routerMatch-

cisco4221_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

cisco4451_integrated_services_routerMatch-

cisco4461_integrated_services_routerMatch-

ciscoasr_1000-xMatch-

ciscoasr_1001Match-

ciscoasr_1001-xMatch-

ciscoasr_1002Match-

ciscoasr_1002-xMatch-

ciscoasr_1004Match-

ciscoasr_1006Match-

ciscoasr_1013Match-

ciscoasr1001-hxMatch-

ciscoasr1001-hx-rfMatch-

ciscoasr1001-x-rfMatch-

ciscoasr1001-x-wsMatch-

ciscoasr1002-hxMatch-

ciscoasr1002-hx-rfMatch-

ciscoasr1002-hx-wsMatch-

ciscoasr1002-x-rfMatch-

ciscoasr1002-x-wsMatch-

ciscocatalyst_9800-40Match-

ciscocatalyst_9800-80Match-

ciscocatalyst_9800-clMatch-

ciscocatalyst_9800-lMatch-

ciscocatalyst_9800-l-cMatch-

ciscocatalyst_9800-l-fMatch-

ciscocatalyst_c9200-24pMatch-

ciscocatalyst_c9200-24tMatch-

ciscocatalyst_c9200-48pMatch-

ciscocatalyst_c9200-48tMatch-

ciscocatalyst_c9200l-24p-4gMatch-

ciscocatalyst_c9200l-24p-4xMatch-

ciscocatalyst_c9200l-24pxg-2yMatch-

ciscocatalyst_c9200l-24pxg-4xMatch-

ciscocatalyst_c9200l-24t-4gMatch-

ciscocatalyst_c9200l-24t-4xMatch-

ciscocatalyst_c9200l-48p-4gMatch-

ciscocatalyst_c9200l-48p-4xMatch-

ciscocatalyst_c9200l-48pxg-2yMatch-

ciscocatalyst_c9200l-48pxg-4xMatch-

ciscocatalyst_c9200l-48t-4gMatch-

ciscocatalyst_c9200l-48t-4xMatch-

ciscocatalyst_c9300-24pMatch-

ciscocatalyst_c9300-24sMatch-

ciscocatalyst_c9300-24tMatch-

ciscocatalyst_c9300-24uMatch-

ciscocatalyst_c9300-24uxMatch-

ciscocatalyst_c9300-48pMatch-

ciscocatalyst_c9300-48sMatch-

ciscocatalyst_c9300-48tMatch-

ciscocatalyst_c9300-48uMatch-

ciscocatalyst_c9300-48unMatch-

ciscocatalyst_c9300-48uxmMatch-

ciscocatalyst_c9300l-24p-4gMatch-

ciscocatalyst_c9300l-24p-4xMatch-

ciscocatalyst_c9300l-24t-4gMatch-

ciscocatalyst_c9300l-24t-4xMatch-

ciscocatalyst_c9300l-48p-4gMatch-

ciscocatalyst_c9300l-48p-4xMatch-

ciscocatalyst_c9300l-48t-4gMatch-

ciscocatalyst_c9300l-48t-4xMatch-

ciscocatalyst_c9404rMatch-

ciscocatalyst_c9407rMatch-

ciscocatalyst_c9410rMatch-

ciscocatalyst_c9500-12qMatch-

ciscocatalyst_c9500-16xMatch-

ciscocatalyst_c9500-24qMatch-

ciscocatalyst_c9500-24y4cMatch-

ciscocatalyst_c9500-32cMatch-

ciscocatalyst_c9500-32qcMatch-

ciscocatalyst_c9500-40xMatch-

ciscocatalyst_c9500-48y4cMatch-

ciscocsr_1000v

ciscows-c3650-12x48uqMatch-

ciscows-c3650-12x48urMatch-

ciscows-c3650-12x48uzMatch-

ciscows-c3650-24pdMatch-

ciscows-c3650-24pdmMatch-

ciscows-c3650-24psMatch-

ciscows-c3650-24tdMatch-

ciscows-c3650-24tsMatch-

ciscows-c3650-48fdMatch-

ciscows-c3650-48fqMatch-

ciscows-c3650-48fqmMatch-

ciscows-c3650-48fsMatch-

ciscows-c3650-48pdMatch-

ciscows-c3650-48pqMatch-

ciscows-c3650-48psMatch-

ciscows-c3650-48tdMatch-

ciscows-c3650-48tqMatch-

ciscows-c3650-48tsMatch-

ciscows-c3650-8x24uqMatch-

ciscows-c3850Match-

ciscows-c3850-12sMatch-

ciscows-c3850-12x48uMatch-

ciscows-c3850-12xsMatch-

ciscows-c3850-24pMatch-

ciscows-c3850-24sMatch-

ciscows-c3850-24tMatch-

ciscows-c3850-24uMatch-

ciscows-c3850-24xsMatch-

ciscows-c3850-24xuMatch-

ciscows-c3850-48fMatch-

ciscows-c3850-48pMatch-

ciscows-c3850-48tMatch-

ciscows-c3850-48uMatch-

ciscows-c3850-48xsMatch-

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq16.12.1

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	16.12.1

CNA Affected

[
  {
    "product": "Cisco IOS XE Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unauth-file-access-eBTWkKVW

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-3503

nessus1 cisco1 cvelist1 nvd1 prion1