First published: Thu Sep 24 2020
A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS | =16.3.11 | |
Cisco 2610xm | | |
Cisco 2611xm | | |
Cisco 2612 | | |
Cisco 2620xm | | |
Cisco 2621xm | | |
Cisco 2650xm | | |
Cisco 2651xm | | |
Cisco 2691 | | |
CVE-2020-3477 is a vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software that allows an authenticated, local attacker to access files from the flash: filesystem.
The severity of CVE-2020-3477 is medium with a CVSS score of 5.5.
Cisco IOS Software version 16.3.11 and Cisco IOS XE Software are affected by CVE-2020-3477.
An attacker needs to be authenticated and have local access to the system in order to exploit CVE-2020-3477.
Yes, Cisco has released software updates to address the vulnerability. Please refer to the Cisco Security Advisory for more information.