CVE-2020-3237

Name of the Vulnerable Software and Affected Versions Cisco IOx (affected versions not specified)

Description The issue is related to insufficient path restriction enforcement in the Cisco Application Framework component of the Cisco IOx application environment. This could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. An attacker could exploit this by including a crafted file in an application package, potentially allowing them to overwrite files. The vulnerability is also associated with errors in handling symbolic links.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.