PT-2020-5219 · Cisco · Cisco Connected Mobile Experiences
Published: 2020-08-19 · Updated: 2020-09-01 · CVE-2020-3152
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco Connected Mobile Experiences (affected versions not specified)
Description
The issue stems from improper user permissions configured by default on an affected system, which allow an attacker with administrative credentials to execute arbitrary commands with root privileges. An attacker could exploit this by sending crafted commands to the CLI, potentially elevating privileges and executing arbitrary commands on the underlying operating system as root.
Recommendations
To resolve the issue, update the system to ensure proper user permissions are configured, preventing the execution of arbitrary commands with root privileges.
As a temporary workaround, consider restricting access to the CLI for users with administrative credentials until a patch is available.
Restrict the ability to send crafted commands to the CLI to minimize the risk of exploitation.
Fix
Incorrect Default Permissions
Affected Products
Cisco Connected Mobile Experiences