CVE-2020-3503
6.0
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Exploitability: 0.8 / Impact: 5.2
Source: NVD
Description
A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators.
Affected (1)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 16.12.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco 1100 4g Integrated Services Router | All versions |
Cisco 1100 4gltegb Integrated Services Router | All versions |
Cisco 1100 4gltena Integrated Services Router | All versions |
Cisco 1100 4p Integrated Services Router | All versions |
Cisco 1100 6g Integrated Services Router | All versions |
Cisco 1100 8p Integrated Services Router | All versions |
Cisco 1100 Lte Integrated Services Router | All versions |
Cisco 1100 Integrated Services Router | All versions |
Cisco 1101 4p Integrated Services Router | All versions |
Cisco 1101 Integrated Services Router | All versions |
Cisco 1109 2p Integrated Services Router | All versions |
Cisco 1109 4p Integrated Services Router | All versions |
Cisco 1109 Integrated Services Router | All versions |
Cisco 1111x 8p Integrated Services Router | All versions |
Cisco 1111x Integrated Services Router | All versions |
Cisco 111x Integrated Services Router | All versions |
Cisco 1120 Integrated Services Router | All versions |
Cisco 1160 Integrated Services Router | All versions |
Cisco 4221 Integrated Services Router | All versions |
Cisco 4331 Integrated Services Router | All versions |
Cisco 4431 Integrated Services Router | All versions |
Cisco 4451 Integrated Services Router | All versions |
Cisco 4461 Integrated Services Router | All versions |
Cisco Asr1001 Hx | All versions |
Cisco Asr1001 Hx Rf | All versions |
Cisco Asr1001 X Rf | All versions |
Cisco Asr1001 X Ws | All versions |
Cisco Asr1002 Hx | All versions |
Cisco Asr1002 Hx Rf | All versions |
Cisco Asr1002 Hx Ws | All versions |
Cisco Asr1002 X Rf | All versions |
Cisco Asr1002 X Ws | All versions |
Cisco Asr 1000 X | All versions |
Cisco Asr 1001 | All versions |
Cisco Asr 1001 X | All versions |
Cisco Asr 1002 | All versions |
Cisco Asr 1002 X | All versions |
Cisco Asr 1004 | All versions |
Cisco Asr 1006 | All versions |
Cisco Asr 1013 | All versions |
Cisco Catalyst 9800 40 | All versions |
Cisco Catalyst 9800 80 | All versions |
Cisco Catalyst 9800 Cl | All versions |
Cisco Catalyst 9800 L | All versions |
Cisco Catalyst 9800 L C | All versions |
Cisco Catalyst 9800 L F | All versions |
Cisco Catalyst C9200 24p | All versions |
Cisco Catalyst C9200 24t | All versions |
Cisco Catalyst C9200 48p | All versions |
Cisco Catalyst C9200 48t | All versions |
Cisco Catalyst C9200l 24p 4g | All versions |
Cisco Catalyst C9200l 24p 4x | All versions |
Cisco Catalyst C9200l 24pxg 2y | All versions |
Cisco Catalyst C9200l 24pxg 4x | All versions |
Cisco Catalyst C9200l 24t 4g | All versions |
Cisco Catalyst C9200l 24t 4x | All versions |
Cisco Catalyst C9200l 48p 4g | All versions |
Cisco Catalyst C9200l 48p 4x | All versions |
Cisco Catalyst C9200l 48pxg 2y | All versions |
Cisco Catalyst C9200l 48pxg 4x | All versions |
Cisco Catalyst C9200l 48t 4g | All versions |
Cisco Catalyst C9200l 48t 4x | All versions |
Cisco Catalyst C9300 24p | All versions |
Cisco Catalyst C9300 24s | All versions |
Cisco Catalyst C9300 24t | All versions |
Cisco Catalyst C9300 24u | All versions |
Cisco Catalyst C9300 24ux | All versions |
Cisco Catalyst C9300 48p | All versions |
Cisco Catalyst C9300 48s | All versions |
Cisco Catalyst C9300 48t | All versions |
Cisco Catalyst C9300 48u | All versions |
Cisco Catalyst C9300 48un | All versions |
Cisco Catalyst C9300 48uxm | All versions |
Cisco Catalyst C9300l 24p 4g | All versions |
Cisco Catalyst C9300l 24p 4x | All versions |
Cisco Catalyst C9300l 24t 4g | All versions |
Cisco Catalyst C9300l 24t 4x | All versions |
Cisco Catalyst C9300l 48p 4g | All versions |
Cisco Catalyst C9300l 48p 4x | All versions |
Cisco Catalyst C9300l 48t 4g | All versions |
Cisco Catalyst C9300l 48t 4x | All versions |
Cisco Catalyst C9404r | All versions |
Cisco Catalyst C9407r | All versions |
Cisco Catalyst C9410r | All versions |
Cisco Catalyst C9500 12q | All versions |
Cisco Catalyst C9500 16x | All versions |
Cisco Catalyst C9500 24q | All versions |
Cisco Catalyst C9500 24y4c | All versions |
Cisco Catalyst C9500 32c | All versions |
Cisco Catalyst C9500 32qc | All versions |
Cisco Catalyst C9500 40x | All versions |
Cisco Catalyst C9500 48y4c | All versions |
Cisco Csr 1000v | All versions |
Cisco Ws C3650 12x48uq | All versions |
Cisco Ws C3650 12x48ur | All versions |
Cisco Ws C3650 12x48uz | All versions |
Cisco Ws C3650 24pd | All versions |
Cisco Ws C3650 24pdm | All versions |
Cisco Ws C3650 24ps | All versions |
Cisco Ws C3650 24td | All versions |
Cisco Ws C3650 24ts | All versions |
Cisco Ws C3650 48fd | All versions |
Cisco Ws C3650 48fq | All versions |
Cisco Ws C3650 48fqm | All versions |
Cisco Ws C3650 48fs | All versions |
Cisco Ws C3650 48pd | All versions |
Cisco Ws C3650 48pq | All versions |
Cisco Ws C3650 48ps | All versions |
Cisco Ws C3650 48td | All versions |
Cisco Ws C3650 48tq | All versions |
Cisco Ws C3650 48ts | All versions |
Cisco Ws C3650 8x24uq | All versions |
Cisco Ws C3850 | All versions |
Cisco Ws C3850 12s | All versions |
Cisco Ws C3850 12x48u | All versions |
Cisco Ws C3850 12xs | All versions |
Cisco Ws C3850 24p | All versions |
Cisco Ws C3850 24s | All versions |
Cisco Ws C3850 24t | All versions |
Cisco Ws C3850 24u | All versions |
Cisco Ws C3850 24xs | All versions |
Cisco Ws C3850 24xu | All versions |
Cisco Ws C3850 48f | All versions |
Cisco Ws C3850 48p | All versions |
Cisco Ws C3850 48t | All versions |
Cisco Ws C3850 48u | All versions |
Cisco Ws C3850 48xs | All versions |
Related CWEs
CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.