CVE-2020-3503

A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators.

CVSS v3.0 6.0 MEDIUM
CVSS v2.0 3.6 LOW

6.0^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unauth-file-access-eBTWkKVW	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:asr1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr1001-hx-rf:-:::::::*
	cpe:2.3:h:cisco:asr1001-x-rf:-:::::::*
	cpe:2.3:h:cisco:asr1001-x-ws:-:::::::*
	cpe:2.3:h:cisco:asr1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr1002-hx-rf:-:::::::*
	cpe:2.3:h:cisco:asr1002-hx-ws:-:::::::*
	cpe:2.3:h:cisco:asr1002-x-rf:-:::::::*
	cpe:2.3:h:cisco:asr1002-x-ws:-:::::::*
	cpe:2.3:h:cisco:asr_1000-x:-:::::::*
	cpe:2.3:h:cisco:asr_1001:-:::::::*
	cpe:2.3:h:cisco:asr_1002:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:integrated_services_router_4451:-:::::::*
	cpe:2.3:h:cisco:integrated_services_router_4431:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24ux:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48un:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-12q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-16x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32qc:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-40x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9200l-48t-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9200l-48t-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-24p:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-24s:-:::::::*
cpe:2.3:h:cisco:isr1100-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9404r:-:::::::*
cpe:2.3:h:cisco:catalyst_c9407r:-:::::::*
cpe:2.3:h:cisco:catalyst_c9410r:-:::::::*
cpe:2.3:h:cisco:isr1100:-:::::::*
cpe:2.3:h:cisco:integrated_services_router_4221:-:::::::*
cpe:2.3:h:cisco:integrated_services_router_4331:-:::::::*
cpe:2.3:h:cisco:integrated_services_router_4461:-:::::::*
cpe:2.3:h:cisco:csr_1000v::::::::
cpe:2.3:h:cisco:isr_1111x-8p:-:::::::*
cpe:2.3:h:cisco:isr_1100-8p:-:::::::*
cpe:2.3:h:cisco:isr_1100-4p:-:::::::*
cpe:2.3:h:cisco:isr_1101-4p:-:::::::*
cpe:2.3:h:cisco:isr_1109-4p:-:::::::*
cpe:2.3:h:cisco:isr_1109-2p:-:::::::*
cpe:2.3:h:cisco:isr1100-6g:-:::::::*
cpe:2.3:h:cisco:isr1100-4gltena:-:::::::*
cpe:2.3:h:cisco:isr1100-4gltegb:-:::::::*
cpe:2.3:h:cisco:isr_1101:-:::::::*
cpe:2.3:h:cisco:isr_1109:-:::::::*
cpe:2.3:h:cisco:isr_111x:-:::::::*
cpe:2.3:h:cisco:isr_1111x:-:::::::*
cpe:2.3:h:cisco:isr_1120:-:::::::*
cpe:2.3:h:cisco:isr_1160:-:::::::*
cpe:2.3:h:cisco:isr1100-lte:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24ts:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48ts:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24ps:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48ps:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fs:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24td:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48td:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24pd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24pdm:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48pd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48tq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48pq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fqm:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-8x24uq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48uq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48ur:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48uz:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24t:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48t:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24p:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48p:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48f:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24xu:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12x48u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12s:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24s:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12xs:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24xs:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48xs:-:::::::*
cpe:2.3:h:cisco:ws-c3850:-:::::::*

Information

Published : 2020-09-24 11:15

Updated : 2020-10-08 12:14

NVD link : CVE-2020-3503

Mitre link : CVE-2020-3503

JSON object : View

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

Products Affected

cisco

catalyst_c9300l-48p-4x
catalyst_c9300-48p
catalyst_c9300l-24t-4g
ws-c3650-24ps
catalyst_c9200-48t
ws-c3650-12x48uz
catalyst_c9500-48y4c
catalyst_c9200l-48t-4x
isr_1111x-8p
isr_1100-8p
isr1100-6g
asr_1006
catalyst_c9300-24t
ws-c3650-24pdm
asr1002-x-ws
ws-c3850-48t
asr_1001
asr_1000-x
catalyst_c9300l-48p-4g
ws-c3650-24td
asr1001-x-rf
isr_1100-4p
ws-c3650-48ps
catalyst_c9300-48s
catalyst_c9300-24p
catalyst_c9500-24q
asr1002-hx
catalyst_c9300l-24t-4x
isr_1101
catalyst_c9200l-24pxg-4x
catalyst_9800-l-f
catalyst_9800-80
catalyst_c9200l-24p-4g
ws-c3850-48f
catalyst_c9500-32qc
isr1100-4gltegb
catalyst_c9500-32c
asr1002-hx-rf
catalyst_c9500-24y4c
isr1100-4gltena
catalyst_c9200l-48p-4x
ws-c3850-48u
catalyst_c9200l-24t-4g
ws-c3650-48fqm
catalyst_c9200-24t
catalyst_9800-cl
catalyst_c9200l-48pxg-2y
catalyst_c9300-48uxm
catalyst_c9300-24ux
catalyst_9800-l
ws-c3650-48fd
integrated_services_router_4331
catalyst_9800-l-c
catalyst_c9300l-24p-4g
catalyst_9800-40
catalyst_c9200-24p
catalyst_c9300-48u
catalyst_c9200l-24t-4x
asr1002-x-rf
isr_1109-4p
catalyst_c9300-48t
isr_111x
ws-c3850-12xs
asr_1002-x
catalyst_c9300-24u
catalyst_c9300-48un
ws-c3850-24u
csr_1000v
integrated_services_router_4451
catalyst_c9500-40x
catalyst_c9300l-48t-4g
ws-c3850-48xs
ws-c3650-24ts
integrated_services_router_4461
catalyst_c9200l-24p-4x
catalyst_c9300-24s
asr1001-x-ws
catalyst_c9200l-48t-4g
ws-c3650-48td
ws-c3650-12x48uq
asr1002-hx-ws
asr_1013
ws-c3850-24p
catalyst_c9500-16x
ws-c3650-48tq
ws-c3650-24pd
ws-c3850-48p
isr1100
catalyst_c9200l-24pxg-2y
isr_1101-4p
integrated_services_router_4221
ws-c3850
asr1001-hx
ws-c3650-48fq
isr1100-4g
isr_1109
catalyst_c9407r
isr1100-lte
ws-c3650-12x48ur
isr_1111x
ws-c3850-24xu
integrated_services_router_4431
ws-c3850-12x48u
catalyst_c9404r
isr_1109-2p
ws-c3650-48pq
asr_1002
ios_xe
ws-c3850-12s
catalyst_c9300l-48t-4x
ws-c3650-8x24uq
ws-c3650-48ts
asr_1004
ws-c3850-24s
ws-c3650-48pd
isr_1160
isr_1120
ws-c3850-24xs
ws-c3650-48fs
ws-c3850-24t
catalyst_c9300l-24p-4x
catalyst_c9200-48p
asr1001-hx-rf
catalyst_c9500-12q
catalyst_c9410r
asr_1001-x
catalyst_c9200l-48pxg-4x
catalyst_c9200l-48p-4g

6.0 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.6 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-3503

6.0^/10

3.6^/10

Attach tags to `CVE-2020-3503`