Sign-up

ID

VAR-202003-1178


CVE

CVE-2020-3176


TITLE

Cisco Remote PHY In device software OS Command injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-002424

DESCRIPTION

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, which could result in a complete system compromise. (DoS) It may be put into a state. Cisco Remote PHY 120 is a remote PHY (port physical layer) device from Cisco in the United States

Trust: 2.16

sources: NVD: CVE-2020-3176 // JVNDB: JVNDB-2020-002424 // CNVD: CNVD-2020-19234

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-19234

AFFECTED PRODUCTS

vendor:ciscomodel:remote phy 220scope: - version: -

Trust: 1.4

vendor:ciscomodel:remote phy shelf 7200scope: - version: -

Trust: 1.4

vendor:ciscomodel:remote phy 120scope:eqversion: -

Trust: 1.2

vendor:ciscomodel:remote phy 120scope:ltversion:7.7

Trust: 1.0

vendor:ciscomodel:remote phy 220scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:remote phy shelf 7200scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:remote phy 120scope: - version: -

Trust: 0.8

vendor:ciscomodel:remote phy releasescope:eqversion:120<7.7

Trust: 0.6

vendor:ciscomodel:remote phy all versionsscope:eqversion:220

Trust: 0.6

vendor:ciscomodel:remote phy shelf all versionsscope:eqversion:7200

Trust: 0.6

vendor:ciscomodel:remote phy shelf 7200scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:remote phy 220scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-19234 // JVNDB: JVNDB-2020-002424 // CNNVD: CNNVD-202003-163 // NVD: CVE-2020-3176

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3176
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3176
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002424
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-19234
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-163
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-3176
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002424
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19234
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-3176
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3176
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002424
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-19234 // JVNDB: JVNDB-2020-002424 // CNNVD: CNNVD-202003-163 // NVD: CVE-2020-3176 // NVD: CVE-2020-3176

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

problemtype:CWE-77

Trust: 1.0

sources: JVNDB: JVNDB-2020-002424 // NVD: CVE-2020-3176

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-163

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-163

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002424

PATCH
title:cisco-sa-rphy-cmdinject-DpEjeTgFurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rphy-cmdinject-DpEjeTgF
Trust: 0.8
title:Patch for Cisco Remote PHY 120, Remote PHY 220, and Remote PHY Shelf 7200 command injection vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/210731
Trust: 0.6
title:Cisco Remote PHY 120 , Remote PHY 220  and Remote PHY Shelf 7200 Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111606
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19234 // 
            
            
            
            JVNDB: JVNDB-2020-002424 // 
            
            
            
            CNNVD: CNNVD-202003-163

EXTERNAL IDS
db:NVDid:CVE-2020-3176
Trust: 3.0
db:JVNDBid:JVNDB-2020-002424
Trust: 0.8
db:CNVDid:CNVD-2020-19234
Trust: 0.6
db:AUSCERTid:ESB-2020.0808
Trust: 0.6
db:CNNVDid:CNNVD-202003-163
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19234 // 
            
            
            
            JVNDB: JVNDB-2020-002424 // 
            
            
            
            CNNVD: CNNVD-202003-163 // 
            
            
            
            NVD: CVE-2020-3176

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-3176
Trust: 2.0
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rphy-cmdinject-dpejetgf
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3176
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0808/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19234 // 
            
            
            
            JVNDB: JVNDB-2020-002424 // 
            
            
            
            CNNVD: CNNVD-202003-163 // 
            
            
            
            NVD: CVE-2020-3176

SOURCES
db:CNVDid:CNVD-2020-19234
db:JVNDBid:JVNDB-2020-002424
db:CNNVDid:CNNVD-202003-163
db:NVDid:CVE-2020-3176

LAST UPDATE DATE
2024-11-23T22:05:46.284000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-19234date:2020-03-25T00:00:00
db:JVNDBid:JVNDB-2020-002424date:2020-03-16T00:00:00
db:CNNVDid:CNNVD-202003-163date:2020-03-13T00:00:00
db:NVDid:CVE-2020-3176date:2024-11-21T05:30:29.177

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-19234date:2020-03-25T00:00:00
db:JVNDBid:JVNDB-2020-002424date:2020-03-16T00:00:00
db:CNNVDid:CNNVD-202003-163date:2020-03-04T00:00:00
db:NVDid:CVE-2020-3176date:2020-03-04T19:15:13.040