CVE-2020-3396
7.2
Vector
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 0.5 / Impact: 6.0
Source: NVD
Description
A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.
Affected (1)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 16.12.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco 1100 4g Integrated Services Router | All versions |
Cisco 1100 4gltegb Integrated Services Router | All versions |
Cisco 1100 4gltena Integrated Services Router | All versions |
Cisco 1100 6g Integrated Services Router | All versions |
Cisco 1100 Lte Integrated Services Router | All versions |
Cisco 1100 Integrated Services Router | All versions |
Cisco 4321/k9 Rf Integrated Services Router | All versions |
Cisco 4321/k9 Ws Integrated Services Router | All versions |
Cisco 4321/k9 Integrated Services Router | All versions |
Cisco 4331/k9 Rf Integrated Services Router | All versions |
Cisco 4331/k9 Ws Integrated Services Router | All versions |
Cisco 4331/k9 Integrated Services Router | All versions |
Cisco 4351/k9 Rf Integrated Services Router | All versions |
Cisco 4351/k9 Ws Integrated Services Router | All versions |
Cisco 4351/k9 Integrated Services Router | All versions |
Cisco Asr 1000 X | All versions |
Cisco Asr 1001 | All versions |
Cisco Asr 1001 X | All versions |
Cisco Asr 1002 | All versions |
Cisco Asr 1002 X | All versions |
Cisco Asr 1004 | All versions |
Cisco Asr 1006 | All versions |
Cisco Asr 1013 | All versions |
Cisco Asr 1023 | All versions |
Cisco Catalyst C9300 24p | All versions |
Cisco Catalyst C9300 24s | All versions |
Cisco Catalyst C9300 24t | All versions |
Cisco Catalyst C9300 24u | All versions |
Cisco Catalyst C9300 24ux | All versions |
Cisco Catalyst C9300 48p | All versions |
Cisco Catalyst C9300 48s | All versions |
Cisco Catalyst C9300 48t | All versions |
Cisco Catalyst C9300 48u | All versions |
Cisco Catalyst C9300 48un | All versions |
Cisco Catalyst C9300 48uxm | All versions |
Cisco Catalyst C9300l 24p 4g | All versions |
Cisco Catalyst C9300l 24p 4x | All versions |
Cisco Catalyst C9300l 24t 4g | All versions |
Cisco Catalyst C9300l 24t 4x | All versions |
Cisco Catalyst C9300l 48p 4g | All versions |
Cisco Catalyst C9300l 48p 4x | All versions |
Cisco Catalyst C9300l 48t 4g | All versions |
Cisco Catalyst C9300l 48t 4x | All versions |
Cisco Catalyst C9404r | All versions |
Cisco Catalyst C9407r | All versions |
Cisco Catalyst C9410r | All versions |
Cisco Catalyst C9500 12q | All versions |
Cisco Catalyst C9500 16x | All versions |
Cisco Catalyst C9500 24q | All versions |
Cisco Catalyst C9500 24y4c | All versions |
Cisco Catalyst C9500 32c | All versions |
Cisco Catalyst C9500 32qc | All versions |
Cisco Catalyst C9500 40x | All versions |
Cisco Catalyst C9500 48y4c | All versions |
Cisco Csr1000v | All versions |
Related CWEs
CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.