Vulnerability Details CVE-2020-3138
A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to upload crafted code to the affected device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.4%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 7.2
References
Products affected by CVE-2020-3138
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:-
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.10.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.10.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.10.3
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.11.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.5.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.5.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.3
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.7.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.7.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.8.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.9.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.9.2