PT-2020-4545 · Cisco · Cisco Fxos

Published

2020-10-21

Updated

2020-11-03

CVE-2020-3459

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco FXOS Software (affected versions not specified)

Description A vulnerability exists due to insufficient input validation of commands supplied by the user, allowing an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The issue is related to the lack of proper neutralization of special elements used in the operating system command. An attacker could exploit this by authenticating to a device and submitting crafted input to the affected command, potentially allowing the execution of commands on the underlying operating system with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276CWE-78

Related Identifiers

BDU:2020-05057

BDU:2020-05094

CVE-2020-3459

Affected Products

Cisco Fxos

PT-2020-4545 · Cisco · Cisco Fxos

CVE-2020-3459

Weakness Enumeration

Related Identifiers

Affected Products

References · 6