CVE-2020-3237

EPSS 0.05%
Published 03.06.2020 18:15:21
Last modified 21.11.2024 05:30:37
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Iox Version < 1.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.11

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.3	0.8	5.5	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@cisco.com	6.3	0.8	5.5	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-file-mVnPqKW9

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3237

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3237

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3237

EUVD