ID

VAR-202006-1103


CVE

CVE-2020-3236


TITLE

Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-006875

DESCRIPTION

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using path traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files on an affected device.

Cisco Enterprise NFV Infrastructure Software (NFVIS) contains a path traversal vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.

Cisco Enterprise NFV Infrastructure Software (NFVIS) is an NFV infrastructure software platform from Cisco. The platform provides full lifecycle management of virtualized services through a central coordinator and controller. A path traversal vulnerability exists in the CLI of versions prior to Cisco Enterprise NFVIS Release 4.1.1.

Trust: 1.71

sources: NVD: CVE-2020-3236 // JVNDB: JVNDB-2020-006875 // VULHUB: VHN-181361

AFFECTED PRODUCTS

vendor: cisco, model: enterprise network function virtualization infrastructure, scope: lt, version: 4.1.1

Trust: 1.0

vendor: cisco, model: enterprise network functions virtualization infrastructure software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006875 // NVD: CVE-2020-3236

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3236
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3236
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006875
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1147
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181361
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-3236
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006875
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181361
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-3236
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3236
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006875
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181361 // JVNDB: JVNDB-2020-006875 // CNNVD: CNNVD-202006-1147 // NVD: CVE-2020-3236 // NVD: CVE-2020-3236

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-181361 // JVNDB: JVNDB-2020-006875 // NVD: CVE-2020-3236

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1147

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202006-1147

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006875

PATCH

title: cisco-sa-nfvis-ptrav-SHMzzwVR, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-ptrav-SHMzzwVR

Trust: 0.8

title: Cisco Enterprise NFV Infrastructure Software Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121840

Trust: 0.6

sources: JVNDB: JVNDB-2020-006875 // CNNVD: CNNVD-202006-1147

EXTERNAL IDS

db: NVD, id: CVE-2020-3236

Trust: 2.5

db: JVNDB, id: JVNDB-2020-006875

Trust: 0.8

db: CNNVD, id: CNNVD-202006-1147

Trust: 0.7

db: AUSCERT, id: ESB-2020.2121

Trust: 0.6

db: CNVD, id: CNVD-2020-41804

Trust: 0.1

db: VULHUB, id: VHN-181361

Trust: 0.1

sources: VULHUB: VHN-181361 // JVNDB: JVNDB-2020-006875 // CNNVD: CNNVD-202006-1147 // NVD: CVE-2020-3236

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-nfvis-ptrav-shmzzwvr

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2020-3236

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3236

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.2121/

Trust: 0.6

sources: VULHUB: VHN-181361 // JVNDB: JVNDB-2020-006875 // CNNVD: CNNVD-202006-1147 // NVD: CVE-2020-3236

SOURCES

db: VULHUB, id: VHN-181361
db: JVNDB, id: JVNDB-2020-006875
db: CNNVD, id: CNNVD-202006-1147
db: NVD, id: CVE-2020-3236

LAST UPDATE DATE

2024-11-23T23:07:56.256000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181361, date: 2020-06-23T00:00:00
db: JVNDB, id: JVNDB-2020-006875, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1147, date: 2020-06-30T00:00:00
db: NVD, id: CVE-2020-3236, date: 2024-11-21T05:30:37.743

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181361, date: 2020-06-18T00:00:00
db: JVNDB, id: JVNDB-2020-006875, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1147, date: 2020-06-17T00:00:00
db: NVD, id: CVE-2020-3236, date: 2020-06-18T03:15:11.103