Sign-up

ID

VAR-202006-1105


CVE

CVE-2020-3238


TITLE

Cisco IOx Application Framework Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-31259 // CNNVD: CNNVD-202006-368

DESCRIPTION

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not affect the device that is hosting Cisco IOx. Cisco IOx The application contains an input verification vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Cisco Iox is a secure development environment of the US Cisco (Cisco) that combines Cisco IOS and Linux OS for secure network connection and development of IOT applications

Trust: 2.88

sources: NVD: CVE-2020-3238 // JVNDB: JVNDB-2020-006102 // CNVD: CNVD-2021-31259 // CNNVD: CNNVD-202006-368 // VULHUB: VHN-181363 // VULMON: CVE-2020-3238

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-31259

AFFECTED PRODUCTS

vendor:ciscomodel:ioxscope:ltversion:1.9.0

Trust: 1.0

vendor:ciscomodel:ioxscope: - version: -

Trust: 0.8

vendor:ciscomodel:iox application frameworkscope:ltversion:1.9.0

Trust: 0.6

sources: CNVD: CNVD-2021-31259 // JVNDB: JVNDB-2020-006102 // NVD: CVE-2020-3238

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3238
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3238
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006102
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-31259
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-368
value: HIGH

Trust: 0.6

VULHUB: VHN-181363
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3238
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3238
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006102
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-31259
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-181363
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3238
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3238
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006102
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-31259 // VULHUB: VHN-181363 // VULMON: CVE-2020-3238 // JVNDB: JVNDB-2020-006102 // CNNVD: CNNVD-202006-368 // NVD: CVE-2020-3238 // NVD: CVE-2020-3238

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181363 // JVNDB: JVNDB-2020-006102 // NVD: CVE-2020-3238

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-368

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-368

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006102

PATCH
title:cisco-sa-caf-3dXM8exvurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-3dXM8exv
Trust: 0.8
title:Patch for Cisco IOx Application Framework Input Validation Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/261671
Trust: 0.6
title:Cisco IOx Application Framework Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120265
Trust: 0.6
title:Cisco: Cisco IOx Application Framework Arbitrary File Creation Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-caf-3dXM8exv
Trust: 0.1
title:CVE-2020-3238url:https://github.com/AlAIAL90/CVE-2020-3238 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-31259 // 
            
            
            
            VULMON: CVE-2020-3238 // 
            
            
            
            JVNDB: JVNDB-2020-006102 // 
            
            
            
            CNNVD: CNNVD-202006-368

EXTERNAL IDS
db:NVDid:CVE-2020-3238
Trust: 3.2
db:JVNDBid:JVNDB-2020-006102
Trust: 0.8
db:CNNVDid:CNNVD-202006-368
Trust: 0.7
db:CNVDid:CNVD-2021-31259
Trust: 0.6
db:AUSCERTid:ESB-2020.1931
Trust: 0.6
db:VULHUBid:VHN-181363
Trust: 0.1
db:VULMONid:CVE-2020-3238
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-31259 // 
            
            
            
            VULHUB: VHN-181363 // 
            
            
            
            VULMON: CVE-2020-3238 // 
            
            
            
            JVNDB: JVNDB-2020-006102 // 
            
            
            
            CNNVD: CNNVD-202006-368 // 
            
            
            
            NVD: CVE-2020-3238

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-3238
Trust: 2.0
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-caf-3dxm8exv
Trust: 1.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3238
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1931/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://github.com/alaial90/cve-2020-3238
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-31259 // 
            
            
            
            VULHUB: VHN-181363 // 
            
            
            
            VULMON: CVE-2020-3238 // 
            
            
            
            JVNDB: JVNDB-2020-006102 // 
            
            
            
            CNNVD: CNNVD-202006-368 // 
            
            
            
            NVD: CVE-2020-3238

SOURCES
db:CNVDid:CNVD-2021-31259
db:VULHUBid:VHN-181363
db:VULMONid:CVE-2020-3238
db:JVNDBid:JVNDB-2020-006102
db:CNNVDid:CNNVD-202006-368
db:NVDid:CVE-2020-3238

LAST UPDATE DATE
2024-11-23T22:05:36.528000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-31259date:2021-04-27T00:00:00
db:VULHUBid:VHN-181363date:2021-09-17T00:00:00
db:VULMONid:CVE-2020-3238date:2021-09-17T00:00:00
db:JVNDBid:JVNDB-2020-006102date:2020-06-30T00:00:00
db:CNNVDid:CNNVD-202006-368date:2021-01-05T00:00:00
db:NVDid:CVE-2020-3238date:2024-11-21T05:30:37.990

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-31259date:2021-04-27T00:00:00
db:VULHUBid:VHN-181363date:2020-06-03T00:00:00
db:VULMONid:CVE-2020-3238date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2020-006102date:2020-06-30T00:00:00
db:CNNVDid:CNNVD-202006-368date:2020-06-03T00:00:00
db:NVDid:CVE-2020-3238date:2020-06-03T18:15:21.650