admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-32xx/CVE-2020-3223.json

207 lines
7.4 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2020-3223",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2020-06-03T18:15:20.357",
"lastModified": "2020-06-09T17:42:41.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system's filesystem."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de usuario basada en web (IU web) de Cisco IOS XE Software, podr\u00eda permitir a un atacante remoto autenticado con privilegios administrativos leer archivos arbitrarios en el sistema de archivos subyacente del dispositivo. La vulnerabilidad es debido a una limitaci\u00f3n insuficiente del alcance del archivo. Un atacante podr\u00eda explotar esta vulnerabilidad al crear una referencia de archivo espec\u00edfica en el sistema de archivos y luego acceder a ella por medio de la Interfaz de Usuario web. Una explotaci\u00f3n podr\u00eda permitir al atacante leer archivos arbitrarios del sistema de archivos del sistema operativo subyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BF9829-F80E-4837-A420-39B291C4E17B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.4c:*:*:*:*:*:*:*",
"matchCriteriaId": "D07F9539-CFBE-46F7-9F5E-93A68169797D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "314C7763-A64D-4023-9F3F-9A821AE4151F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "5820D71D-FC93-45AA-BC58-A26A1A39C936"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1C85DD-69CC-4AA8-B219-651D57FC3506"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B53E377A-0296-4D7A-B97C-576B0026543D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "CD98C9E8-3EA6-4160-970D-37C389576516"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*",
"matchCriteriaId": "7745ED34-D59D-49CC-B174-96BCA03B3374"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1w:*:*:*:*:*:*:*",
"matchCriteriaId": "19AF4CF3-6E79-4EA3-974D-CD451A192BA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1y:*:*:*:*:*:*:*",
"matchCriteriaId": "93B96E01-3777-4C33-9225-577B469A6CE5"
}
]
}
]
}
],
"references": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-filerd-HngnDYGk",
"source": "ykramarz@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue Copy Permalink