CVE-2020-3236

Description

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using path traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files on an affected device.

Risk Information

Base Score

6.7

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.046

Associated Vulnerability

Vulnerability	OS Platform
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability For Cisco Enterprise NFV Infrastructure Software	NCM
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2020-3236)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1700665	Security Update for Cisco Enterprise NFV Infrastructure Software NFVIS-3.12.3

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234