CVE-2020-3176

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, which could result in a complete system compromise.

CVSS v3 6.7 MEDIUM
CVSS v2.0 7.2 HIGH

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rphy-cmdinject-DpEjeTgF	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:remote_phy_120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:remote_phy_120:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:remote_phy_220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:remote_phy_220:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:remote_phy_shelf_7200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:remote_phy_shelf_7200:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-04 19:15

Updated : 2023-12-10 13:13

NVD link : CVE-2020-3176

Mitre link : CVE-2020-3176

CVE.ORG link : CVE-2020-3176

JSON object : View

Products Affected

cisco

remote_phy_120
remote_phy_shelf_7200_firmware
remote_phy_120_firmware
remote_phy_220_firmware
remote_phy_shelf_7200
remote_phy_220

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2020-3176", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2020-03-04T19:15:13.040", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rphy-cmdinject-DpEjeTgF", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, which could result in a complete system compromise."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Remote PHY Device Software, podr\u00eda permitir a un atacante local autenticado ejecutar comandos en el shell de Linux subyacente de un dispositivo afectado con privilegios root. La vulnerabilidad se presenta porque el software afectado no sanea apropiadamente la entrada suministrada por el usuario. Un atacante que tenga acceso de administrador v\u00e1lido a un dispositivo afectado podr\u00eda explotar esta vulnerabilidad al proporcionar determinados comandos de la CLI con argumentos dise\u00f1ados. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos arbitrarios como usuario root, lo que podr\u00eda resultar en un compromiso completo del sistema."}], "lastModified": "2020-03-05T16:40:19.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:remote_phy_120_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53DCCC42-ED9D-47A1-9CC6-52536A61C01B", "versionEndExcluding": "7.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:remote_phy_120:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "05827362-30F2-479A-9699-842C929D3586"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:remote_phy_220_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD9D71F7-3A2D-42D6-B722-FF7254B80A2A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:remote_phy_220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D68A45F-DB59-4238-AF2D-B2AD31717616"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:remote_phy_shelf_7200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E012DF7-7094-41C3-A8E1-B95AF14E2D96"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:remote_phy_shelf_7200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "135D4A14-56AA-4F69-97EA-1005C4479241"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}