ID

VAR-202006-1104


CVE

CVE-2020-3237


TITLE

Cisco IOx Application Framework post link vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-31258 // CNNVD: CNNVD-202006-348

DESCRIPTION

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files. The Cisco IOx application contains a link interpretation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco IOx is a secure development environment from Cisco (US) that combines Cisco IOS and Linux OS for secure network connectivity and development of IoT applications.

Trust: 2.79

sources: NVD: CVE-2020-3237 // JVNDB: JVNDB-2020-006101 // CNVD: CNVD-2021-31258 // CNNVD: CNNVD-202006-348 // VULHUB: VHN-181362

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-31258

AFFECTED PRODUCTS

vendor: cisco
model: iox
scope: lt
version: 1.9.0

Trust: 1.0

vendor: cisco
model: iox
scope: -
version: -

Trust: 0.8

vendor: cisco
model: iox application framework
scope: lt
version: 1.9.0

Trust: 0.6

sources: CNVD: CNVD-2021-31258 // JVNDB: JVNDB-2020-006101 // NVD: CVE-2020-3237

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3237
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3237
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006101
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-31258
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-348
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181362
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3237
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006101
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-31258
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-181362
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3237
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 5.5
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3237
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 5.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006101
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-31258 // VULHUB: VHN-181362 // JVNDB: JVNDB-2020-006101 // CNNVD: CNNVD-202006-348 // NVD: CVE-2020-3237 // NVD: CVE-2020-3237

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.9

sources: VULHUB: VHN-181362 // JVNDB: JVNDB-2020-006101 // NVD: CVE-2020-3237

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-348

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-202006-348

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006101

PATCH

title: cisco-sa-caf-file-mVnPqKW9
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-file-mVnPqKW9

Trust: 0.8

title: Patch for Cisco IOx Application Framework post link vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/261681

Trust: 0.6

title: Cisco IOx Application Framework Post-link vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120247

Trust: 0.6

sources: CNVD: CNVD-2021-31258 // JVNDB: JVNDB-2020-006101 // CNNVD: CNNVD-202006-348

EXTERNAL IDS

db: NVD, id: CVE-2020-3237

Trust: 3.1

db: JVNDB, id: JVNDB-2020-006101

Trust: 0.8

db: CNNVD, id: CNNVD-202006-348

Trust: 0.7

db: CNVD, id: CNVD-2021-31258

Trust: 0.6

db: AUSCERT, id: ESB-2020.1931

Trust: 0.6

db: VULHUB, id: VHN-181362

Trust: 0.1

sources: CNVD: CNVD-2021-31258 // VULHUB: VHN-181362 // JVNDB: JVNDB-2020-006101 // CNNVD: CNNVD-202006-348 // NVD: CVE-2020-3237

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-3237

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-caf-file-mvnpqkw9

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3237

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1931/

Trust: 0.6

sources: CNVD: CNVD-2021-31258 // VULHUB: VHN-181362 // JVNDB: JVNDB-2020-006101 // CNNVD: CNNVD-202006-348 // NVD: CVE-2020-3237

SOURCES

db: CNVD, id: CNVD-2021-31258
db: VULHUB, id: VHN-181362
db: JVNDB, id: JVNDB-2020-006101
db: CNNVD, id: CNNVD-202006-348
db: NVD, id: CVE-2020-3237

LAST UPDATE DATE

2024-11-23T22:05:36.498000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-31258, date: 2021-04-27T00:00:00
db: VULHUB, id: VHN-181362, date: 2020-06-08T00:00:00
db: JVNDB, id: JVNDB-2020-006101, date: 2020-06-30T00:00:00
db: CNNVD, id: CNNVD-202006-348, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-3237, date: 2024-11-21T05:30:37.880

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-31258, date: 2021-04-27T00:00:00
db: VULHUB, id: VHN-181362, date: 2020-06-03T00:00:00
db: JVNDB, id: JVNDB-2020-006101, date: 2020-06-30T00:00:00
db: CNNVD, id: CNNVD-202006-348, date: 2020-06-03T00:00:00
db: NVD, id: CVE-2020-3237, date: 2020-06-03T18:15:21.573