nvd-json-data-feeds/CVE-2020/CVE-2020-31xx/CVE-2020-3151.json

{
  "id": "CVE-2020-3151",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2020-08-26T17:15:13.083",
  "lastModified": "2020-09-01T18:19:58.690",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to escape the restricted shell and execute a set of normally unauthorized commands with the privileges of a non-root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la CLI de Cisco Connected Mobile Experiences (CMX) podr\u00eda permitir a un atacante autenticado local con credenciales administrativas omita las restricciones en la CLI. La vulnerabilidad es debido a mecanismos de seguridad insuficientes en la implementaci\u00f3n de shell restringido. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de comandos dise\u00f1ados hacia la CLI. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante escapar el shell restringido y ejecutar un conjunto de comandos normalmente no autorizados con los privilegios de un usuario no root. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales administrativas v\u00e1lidas"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.7
      }
    ],
    "cvssMetricV30": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 4.2
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.6
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    },
    {
      "source": "ykramarz@cisco.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:10.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B3BCD8-4F1F-4503-9427-1787B7B5B112"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:10.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4548832-9572-4CBF-B77F-1A72ABAF2910"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:10.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B8CAC5F-18EF-446B-9A69-A5AB70EA753A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-rshell-esc-L6hBwjbg",
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}