CVE-2020-3476: Cisco IOS XE Software Arbitrary File Overwrite Vulnerability
First published: Thu Sep 24 2020(Updated: )
A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =16.9 | |
| Cisco IOS | =16.10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3476?
CVE-2020-3476 is a vulnerability within the CLI implementation of a specific command of Cisco IOS XE Software.
How does CVE-2020-3476 affect Cisco IOS XE Software?
CVE-2020-3476 allows an authenticated, local attacker to overwrite arbitrary files in the underlying host file system.
What is the severity level of CVE-2020-3476?
CVE-2020-3476 has a medium severity level with a CVSS score of 6.
How can I fix CVE-2020-3476?
To fix CVE-2020-3476, you should apply the necessary updates or patches provided by Cisco.
Where can I find more information about CVE-2020-3476?
You can find more information about CVE-2020-3476 on the Cisco Security Advisory page.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/16.9
- version/cisco ios/16.10.1