Vulnerability Details CVE-2020-3365
A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.5%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2020-3365
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.10.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.10.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.10.3
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.11.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.11.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.11.3
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.12.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.12.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.12.3
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.5.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.5.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.3
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.7.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.7.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.8.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.9.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.9.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:4.1.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:4.1.2