VDB

CVE-2020-3238

CVE-2020-3238 PUBLISHED CVSS 8.100000381469727 HIGH

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not affect the device that is hosting Cisco IOx.

EPSS 0.41% · 61.5th percentile

Risk Scores

CVSS 3.0
8.100000381469727
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score
0.41%
61.5th percentile

Affected Products

VendorProductVersions
CiscoCisco IOx*
ciscoiox0

Exploit Intelligence

Timeline

  • Jun 3, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 11, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score

References

…and 5 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›