CVE-2019-12670 MEDIUM

CVE-2019-12670: Cisco IOS XE Software IOx Guest Shell Namespace Protection Vulnerability

Vendor Cisco

Product Cisco IOS XE Software 3.2.11aSG

Weakness CWE-284

Published September 25, 2019

Last update November 20, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.

Key dates

02Disclosure timeline

September 25, 2019 CVE published

November 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-12670

Related vulnerabilities

Identifiers

CVE CVE-2019-12670

CWE CWE-284

CVSS 6.7 / MEDIUM

Affected versions