#VU47215 Files or Directories Accessible to External Parties in Cisco IOS XE - CVE-2020-3476

 


Published: September 24, 2020 / Updated: September 30, 2020


Vulnerability identifier: #VU47215
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3476
CWE-ID: CWE-552
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Cisco IOS XE
Software vendor: Cisco Systems, Inc

Description

The vulnerability allows a local user to overwrite arbitrary files in the underlying host file system.

The vulnerability exists due to insufficient validation of the parameters of a specific CLI command. A local administrator can issue that command with specific parameters and overwrite the content of any file that resides on the underlying host file system.


Remediation

Install updates from the vendor's website.
