CVE-2020-3237
Published Jun 3, 2020
Last updated 4 years ago
Overview
- Description
- A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.3
- Impact score
- 5.5
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 6.3
- Impact score
- 5.5
- Exploitability score
- 0.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:iox:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43DA2F2B-ABA7-4294-922C-C2CDA197063C",
"versionEndExcluding": "1.9.0"
}
],
"operator": "OR"
}
]
}
]