← back
CVE-2020-3477

Cisco IOS and IOS XE Software Information Disclosure Vulnerability

CVSS 5.5 MEDIUMEPSS 0.3%CWE-20
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
24 Sep 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Cisco · Cisco IOS