Main Vulnerability Database Vulnerabilities #VU29214

#VU29214 Path traversal in Enterprise NFV Infrastructure Software - CVE-2020-3236

Published: June 23, 2020

Vulnerability identifier: #VU29214

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-3236

CWE-ID: CWE-22

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Enterprise NFV Infrastructure Software

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the CLI command arguments. A local user can send a specially crafted HTTP request, gain root shell access to the underlying operating system and overwrite or read arbitrary files on an affected device.

Remediation

Install update from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-ptrav-SHMzzwVR

#VU29214 Path traversal in Enterprise NFV Infrastructure Software - CVE-2020-3236

Description

Remediation

External links

Please verify you're human