7.2
CVE-2020-3396
- EPSS 0.05%
- Published 24.09.2020 18:15:17
- Last modified 21.11.2024 05:30:56
- Source psirt@cisco.com
A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Ios Xe Version 16.12.1
Cisco ≫ 1100-4g Integrated Services Router Version-
Cisco ≫ 1100-4gltegb Integrated Services Router Version-
Cisco ≫ 1100-4gltena Integrated Services Router Version-
Cisco ≫ 1100-6g Integrated Services Router Version-
Cisco ≫ 1100-lte Integrated Services Router Version-
Cisco ≫ 1100 Integrated Services Router Version-
Cisco ≫ 4321/k9-rf Integrated Services Router Version-
Cisco ≫ 4321/k9-ws Integrated Services Router Version-
Cisco ≫ 4321/k9 Integrated Services Router Version-
Cisco ≫ 4331/k9-rf Integrated Services Router Version-
Cisco ≫ 4331/k9-ws Integrated Services Router Version-
Cisco ≫ 4331/k9 Integrated Services Router Version-
Cisco ≫ 4351/k9-rf Integrated Services Router Version-
Cisco ≫ 4351/k9-ws Integrated Services Router Version-
Cisco ≫ 4351/k9 Integrated Services Router Version-
Cisco ≫ Asr 1000-x Version-
Cisco ≫ Asr 1001 Version-
Cisco ≫ Asr 1001-x Version-
Cisco ≫ Asr 1002 Version-
Cisco ≫ Asr 1002-x Version-
Cisco ≫ Asr 1004 Version-
Cisco ≫ Asr 1006 Version-
Cisco ≫ Asr 1013 Version-
Cisco ≫ Asr 1023 Version-
Cisco ≫ Catalyst C9300-24p Version-
Cisco ≫ Catalyst C9300-24s Version-
Cisco ≫ Catalyst C9300-24t Version-
Cisco ≫ Catalyst C9300-24u Version-
Cisco ≫ Catalyst C9300-24ux Version-
Cisco ≫ Catalyst C9300-48p Version-
Cisco ≫ Catalyst C9300-48s Version-
Cisco ≫ Catalyst C9300-48t Version-
Cisco ≫ Catalyst C9300-48u Version-
Cisco ≫ Catalyst C9300-48un Version-
Cisco ≫ Catalyst C9300-48uxm Version-
Cisco ≫ Catalyst C9300l-24p-4g Version-
Cisco ≫ Catalyst C9300l-24p-4x Version-
Cisco ≫ Catalyst C9300l-24t-4g Version-
Cisco ≫ Catalyst C9300l-24t-4x Version-
Cisco ≫ Catalyst C9300l-48p-4g Version-
Cisco ≫ Catalyst C9300l-48p-4x Version-
Cisco ≫ Catalyst C9300l-48t-4g Version-
Cisco ≫ Catalyst C9300l-48t-4x Version-
Cisco ≫ Catalyst C9404r Version-
Cisco ≫ Catalyst C9407r Version-
Cisco ≫ Catalyst C9410r Version-
Cisco ≫ Catalyst C9500-12q Version-
Cisco ≫ Catalyst C9500-16x Version-
Cisco ≫ Catalyst C9500-24q Version-
Cisco ≫ Catalyst C9500-24y4c Version-
Cisco ≫ Catalyst C9500-32c Version-
Cisco ≫ Catalyst C9500-32qc Version-
Cisco ≫ Catalyst C9500-40x Version-
Cisco ≫ Catalyst C9500-48y4c Version-
Cisco ≫ Csr1000v Version-
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.05% | 0.131 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.2 | 0.5 | 6 | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
nvd@nist.gov | 6.9 | 3.4 | 10 | AV:L/AC:M/Au:N/C:C/I:C/A:C |
psirt@cisco.com | 6.8 | 0.5 | 5.8 | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.