CVE-2020-3477 MEDIUM

CVE-2020-3477: Cisco IOS and IOS XE Software Information Disclosure Vulnerability

Vendor Cisco

Product Cisco IOS

Weakness CWE-20 · Input validation

Published September 24, 2020

Last update November 13, 2024

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.

Key dates

02Disclosure timeline

September 24, 2020 CVE published

November 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-3477

Related vulnerabilities

CVE-2020-3477: Cisco IOS and IOS XE Software Information Disclosure Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE