VDB
CVE-2020-3478
CVE-2020-3478
PUBLISHED
CVSS 8.100000381469727 HIGH
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system.
EPSS 0.54% · 68.1th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score
0.54%
68.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | enterprise_network_function_virtualization_infrastructure | 3.5.1 |
| Cisco | Cisco Enterprise NFV Infrastructure Software | n/a |
Exploit Intelligence
Timeline
- Sep 3, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-vY8M4KGB advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-file-overwrite-UONzPMkr advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-3478 advisory