CVE-2020-3478 HIGH

CVE-2020-3478: Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability

Vendor Cisco

Product Cisco Enterprise NFV Infrastructure Software

Weakness CWE-20 · Input validation

Published September 4, 2020

Last update November 13, 2024

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system.

Key dates

02Disclosure timeline

September 4, 2020 CVE published

November 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-3478 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2020-3478

CWE CWE-20

CVSS 8.1 / HIGH

Affected versions