CVE-2020-3477 — Vulnetix

CVE-2020-3477 PUBLISHED CVSS 5.5 MEDIUM

A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.

EPSS 0.05% · 15.9th percentile

Risk Scores

CVSS 3.0

5.5

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.05%

15.9th percentile

Affected Products

Vendor	Product	Versions
cisco	ios	16.3.11
Cisco	Cisco IOS	*

Exploit Intelligence

20200924 Cisco IOS and IOS XE Software Information Disclosure Vulnerability (circl)

Timeline

Sep 24, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 9, 2021 EPSS Score
Oct 10, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score

References

https://nvd.nist.gov/vuln/detail/CVE-2020-3477 advisory
20200924 Cisco IOS and IOS XE Software Information Disclosure Vulnerability vendor-advisory

Open in Interactive Console →