CVE-2020-3477

Name of the Vulnerable Software and Affected Versions Cisco IOS Software (affected versions not specified) Cisco IOS XE Software (affected versions not specified)

Description The issue is related to errors in processing input data in the CLI parser of Cisco IOS and Cisco IOS XE. It could allow an authenticated, local attacker to access files from the flash: filesystem due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this by using a specific command at the command line, potentially obtaining read-only access to files on the flash: filesystem that would otherwise be inaccessible.

Recommendations Update to a version of Cisco IOS Software that addresses this issue. Update to a version of Cisco IOS XE Software that addresses this issue. As a temporary workaround, consider restricting access to the flash: filesystem until a patch is available. Avoid using specific commands that could exploit this issue until the software is updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.