CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-3476

A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.3%

CVSS Severity

CVSS v3 Score 4.4

CVSS v2 Score 3.6

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-file-overwrite-Ynu5PrJD
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-file-overwrite-Ynu5PrJD

Products affected by CVE-2020-3476

Cisco » Ios » Version: 16.10.1

cpe:2.3:o:cisco:ios:16.10.1
Cisco » Ios » Version: 16.9

cpe:2.3:o:cisco:ios:16.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-3476

Products

Pricing

Contact Us