CVE-2020-3365

Name of the Vulnerable Software and Affected Versions: Cisco Enterprise NFV Infrastructure Software (NFVIS) (affected versions not specified)

Description: A flaw in the directory permissions logic of the software could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability can be exploited by using capabilities not controlled by the role-based access control (RBAC) mechanisms, potentially allowing the attacker to overwrite files on an affected device. This issue is related to incorrect restriction of directory path names, which may enable a remote attacker to overwrite arbitrary files in the operating system of a vulnerable device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.