CVE-2020-3478
Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.1EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
04 sep 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Productos afectados
Cisco · Cisco Enterprise NFV Infrastructure Software¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →