CVE-2020-3237

Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability

CVSS 6.3 MEDIUMEPSS 0.4%CWE-59

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

03 Jun 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files.

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Affected products

Cisco · Cisco IOx

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-file-mVnPqKW9