ID CVE-2020-3477
Summary A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.
References
Vulnerable Configurations
  • cpe:2.3:o:cisco:ios:16.3.11:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios:16.3.11:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:2610xm:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:2610xm:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:2611xm:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:2611xm:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:2612:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:2612:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:2620xm:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:2620xm:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:2621xm:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:2621xm:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:2650xm:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:2650xm:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:2651xm:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:2651xm:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:2691:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:2691:-:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 06-08-2021 - 19:05)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
cisco 20200924 Cisco IOS and IOS XE Software Information Disclosure Vulnerability
Last major update 06-08-2021 - 19:05
Published 24-09-2020 - 18:15
Last modified 06-08-2021 - 19:05
Back to Top