Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3396

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.

Published

2020-09-24T18:15:17.683

Last Modified

2024-11-21T05:30:56.857

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.4

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-284
  • Type: Primary
    CWE-269
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco ios_xe 16.12.1 Yes
Hardware cisco 1100-4g_integrated_services_router - No
Hardware cisco 1100-4gltegb_integrated_services_router - No
Hardware cisco 1100-4gltena_integrated_services_router - No
Hardware cisco 1100-6g_integrated_services_router - No
Hardware cisco 1100-lte_integrated_services_router - No
Hardware cisco 1100_integrated_services_router - No
Hardware cisco 4321\/k9-rf_integrated_services_router - No
Hardware cisco 4321\/k9-ws_integrated_services_router - No
Hardware cisco 4321\/k9_integrated_services_router - No
Hardware cisco 4331\/k9-rf_integrated_services_router - No
Hardware cisco 4331\/k9-ws_integrated_services_router - No
Hardware cisco 4331\/k9_integrated_services_router - No
Hardware cisco 4351\/k9-rf_integrated_services_router - No
Hardware cisco 4351\/k9-ws_integrated_services_router - No
Hardware cisco 4351\/k9_integrated_services_router - No
Hardware cisco asr_1000-x - No
Hardware cisco asr_1001 - No
Hardware cisco asr_1001-x - No
Hardware cisco asr_1002 - No
Hardware cisco asr_1002-x - No
Hardware cisco asr_1004 - No
Hardware cisco asr_1006 - No
Hardware cisco asr_1013 - No
Hardware cisco asr_1023 - No
Hardware cisco catalyst_c9300-24p - No
Hardware cisco catalyst_c9300-24s - No
Hardware cisco catalyst_c9300-24t - No
Hardware cisco catalyst_c9300-24u - No
Hardware cisco catalyst_c9300-24ux - No
Hardware cisco catalyst_c9300-48p - No
Hardware cisco catalyst_c9300-48s - No
Hardware cisco catalyst_c9300-48t - No
Hardware cisco catalyst_c9300-48u - No
Hardware cisco catalyst_c9300-48un - No
Hardware cisco catalyst_c9300-48uxm - No
Hardware cisco catalyst_c9300l-24p-4g - No
Hardware cisco catalyst_c9300l-24p-4x - No
Hardware cisco catalyst_c9300l-24t-4g - No
Hardware cisco catalyst_c9300l-24t-4x - No
Hardware cisco catalyst_c9300l-48p-4g - No
Hardware cisco catalyst_c9300l-48p-4x - No
Hardware cisco catalyst_c9300l-48t-4g - No
Hardware cisco catalyst_c9300l-48t-4x - No
Hardware cisco catalyst_c9404r - No
Hardware cisco catalyst_c9407r - No
Hardware cisco catalyst_c9410r - No
Hardware cisco catalyst_c9500-12q - No
Hardware cisco catalyst_c9500-16x - No
Hardware cisco catalyst_c9500-24q - No
Hardware cisco catalyst_c9500-24y4c - No
Hardware cisco catalyst_c9500-32c - No
Hardware cisco catalyst_c9500-32qc - No
Hardware cisco catalyst_c9500-40x - No
Hardware cisco catalyst_c9500-48y4c - No
Hardware cisco csr1000v - No
References