CVE-2020-3477
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/09/2020
Last modified:
06/08/2021
Description
A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:ios:16.3.11:*:*:*:*:*:*:* | | |
| cpe:2.3:h:cisco:2610xm:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:cisco:2611xm:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:cisco:2612:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:cisco:2620xm:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:cisco:2621xm:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:cisco:2650xm:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:cisco:2651xm:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:cisco:2691:-:*:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page



