CVE-2020-3396: Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability

First published: Thu Sep 24 2020(Updated: )

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.

Credit: ykramarz@cisco.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/weakness
• agent/type
• agent/softwarecombine
• collector/mitre-cve
• source/MITRE
• agent/references
• agent/severity
• agent/title
• agent/last-modified-date
• agent/author
• agent/tags
• agent/description
• agent/first-publish-date
• agent/event
• vendor/cisco
• canonical/cisco ios xe
• version/cisco ios xe/16.12.1
• canonical/cisco 1100-4g integrated services router
• canonical/cisco 1100-4gltegb integrated services router
• canonical/cisco 1100-4gltena integrated services router
• canonical/cisco 1100-6g integrated services router
• canonical/cisco 1100-lte integrated services router
• canonical/cisco 1100 integrated services router
• canonical/cisco 4321\/k9-rf integrated services router
• canonical/cisco 4321\/k9-ws integrated services router
• canonical/cisco 4321\/k9 integrated services router
• canonical/cisco 4331\/k9-rf integrated services router
• canonical/cisco 4331\/k9-ws integrated services router
• canonical/cisco 4331\/k9 integrated services router
• canonical/cisco 4351\/k9-rf integrated services router
• canonical/cisco 4351\/k9-ws integrated services router
• canonical/cisco 4351\/k9 integrated services router
• canonical/cisco asr 1000-x
• canonical/cisco asr 1001
• canonical/cisco asr 1001-x
• canonical/cisco asr 1002
• canonical/cisco asr 1002-x
• canonical/cisco asr 1004
• canonical/cisco asr 1006
• canonical/cisco asr 1013
• canonical/cisco asr 1023
• canonical/cisco catalyst c9300-24p
• canonical/cisco catalyst c9300-24s
• canonical/cisco catalyst c9300-24t
• canonical/cisco catalyst c9300-24u
• canonical/cisco catalyst c9300-24ux
• canonical/cisco catalyst c9300-48p
• canonical/cisco catalyst c9300-48s
• canonical/cisco catalyst c9300-48t
• canonical/cisco catalyst c9300-48u
• canonical/cisco catalyst c9300-48un
• canonical/cisco catalyst c9300-48uxm
• canonical/cisco catalyst c9300l-24p-4g
• canonical/cisco catalyst c9300l-24p-4x
• canonical/cisco catalyst c9300l-24t-4g
• canonical/cisco catalyst c9300l-24t-4x
• canonical/cisco catalyst c9300l-48p-4g
• canonical/cisco catalyst c9300l-48p-4x
• canonical/cisco catalyst c9300l-48t-4g
• canonical/cisco catalyst c9300l-48t-4x
• canonical/cisco catalyst c9404r
• canonical/cisco catalyst c9407r
• canonical/cisco catalyst c9410r
• canonical/cisco catalyst c9500-12q
• canonical/cisco catalyst c9500-16x
• canonical/cisco catalyst c9500-24q
• canonical/cisco catalyst c9500-24y4c
• canonical/cisco catalyst c9500-32c
• canonical/cisco catalyst c9500-32qc
• canonical/cisco catalyst c9500-40x
• canonical/cisco catalyst c9500-48y4c
• canonical/cisco csr1000v