CVE-2020-3166 | ByteOS Network

Vulnerability Details :

CVE-2020-3166

Assigner-cisco

Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633

Published At-26 Feb, 2020 | 16:51

Updated At-15 Nov, 2024 | 17:37

Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:cisco

Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633

Published At:26 Feb, 2020 | 16:51

Updated At:15 Nov, 2024 | 17:37

▼CVE Numbering Authority (CNA)

Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS.

Affected Products

Vendor

Cisco Systems, Inc.

Product

Cisco Firepower Extensible Operating System (FXOS)

Versions

Affected

From unspecified before n/a (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-20	CWE-20

Type: CWE

CWE ID: CWE-20

Description: CWE-20

Metrics

Version	Base score	Base severity	Vector
3.0	4.2	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Version: 3.0

Base score: 4.2

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

References

Hyperlink	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file	vendor-advisory x_refsource_CISCO

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file

Resource:

vendor-advisory

x_refsource_CISCO

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file	vendor-advisory x_refsource_CISCO x_transferred

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file

Resource:

vendor-advisory

x_refsource_CISCO

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:ykramarz@cisco.com

Published At:26 Feb, 2020 | 17:15

Updated At:15 Aug, 2023 | 15:24

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.0	4.2	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Primary	2.0	4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 6.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.0

Base score: 4.2

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Type: Primary

Version: 2.0

Base score: 4.6

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Cisco Systems, Inc.

>>firepower_1010>>-

cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_1120>>-

cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_1140>>-

cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_1150>>-

cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_2110>>-

cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_2120>>-

cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_2130>>-

cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_2140>>-

cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_threat_defense>>Versions from 6.2.2(inclusive) to 6.2.3.16(exclusive)

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_threat_defense>>Versions from 6.3.0(inclusive) to 6.5.0.3(exclusive)

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>adaptive_security_appliance_software>>Versions from 9.8(inclusive) to 9.9.2.66(exclusive)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>adaptive_security_appliance_software>>Versions from 9.10(inclusive) to 9.13.1.5(exclusive)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_4110>>-

cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_4115>>-

cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_4120>>-

cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_4125>>-

cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_4140>>-

cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_4145>>-

cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_4150>>-

cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_9300>>-

cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_extensible_operating_system>>Versions before 2.2.2.97(exclusive)

cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_extensible_operating_system>>Versions from 2.3(inclusive) to 2.3.1.155(exclusive)

cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_extensible_operating_system>>Versions from 2.4(inclusive) to 2.4.1.238(exclusive)

cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_extensible_operating_system>>Versions from 2.6(inclusive) to 2.6.1.157(exclusive)

cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov
CWE-20	Secondary	ykramarz@cisco.com

CWE ID: CWE-20

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-20

Type: Secondary

Source: ykramarz@cisco.com

References

Hyperlink	Source	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file	ykramarz@cisco.com	Vendor Advisory

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file

Source: ykramarz@cisco.com

Resource:

Vendor Advisory