CVE-2020-3396

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.

CVSS v3 7.2 HIGH
CVSS v2.0 6.9 MEDIUM

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-usb-guestshell-WmevScDj	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321\/k9-rf_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321\/k9-ws_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321\/k9_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331\/k9-rf_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331\/k9-ws_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331\/k9_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351\/k9-rf_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351\/k9-ws_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351\/k9_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:asr_1000-x:-:::::::*
	cpe:2.3:h:cisco:asr_1001:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*
	cpe:2.3:h:cisco:asr_1023:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24ux:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48un:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9404r:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9407r:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9410r:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-12q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-16x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32qc:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-40x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:::::::*
	cpe:2.3:h:cisco:csr1000v:-:::::::*

History

23 May 2023, 13:55

Type	Values Removed	Values Added
First Time		Cisco 4331\/k9 Integrated Services Router Cisco 4351\/k9-ws Integrated Services Router Cisco 4331\/k9-ws Integrated Services Router Cisco 1100-4gltegb Integrated Services Router Cisco 1100-lte Integrated Services Router Cisco 1100-4g Integrated Services Router Cisco 1100 Integrated Services Router Cisco 4321\/k9 Integrated Services Router Cisco 4351\/k9-rf Integrated Services Router Cisco 4331\/k9-rf Integrated Services Router Cisco 4351\/k9 Integrated Services Router Cisco 1100-4gltena Integrated Services Router Cisco 4321\/k9-rf Integrated Services Router Cisco 4321\/k9-ws Integrated Services Router Cisco 1100-6g Integrated Services Router
CPE	cpe:2.3:h:cisco:isr4351\/k9-rf:-:::::::* cpe:2.3:h:cisco:isr1100-lte:-:::::::* cpe:2.3:h:cisco:isr1100-4gltegb:-:::::::* cpe:2.3:h:cisco:isr4331\/k9:-:::::::* cpe:2.3:h:cisco:isr4321\/k9-ws:-:::::::* cpe:2.3:h:cisco:isr4331\/k9-rf:-:::::::* cpe:2.3:h:cisco:isr4351\/k9:-:::::::* cpe:2.3:h:cisco:isr1100-4gltena:-:::::::* cpe:2.3:h:cisco:isr4321\/k9-rf:-:::::::* cpe:2.3:h:cisco:isr1100-4g:-:::::::* cpe:2.3:h:cisco:isr4321\/k9:-:::::::* cpe:2.3:h:cisco:isr1100-6g:-:::::::* cpe:2.3:h:cisco:isr1100:-:::::::* cpe:2.3:h:cisco:isr4331\/k9-ws:-:::::::* cpe:2.3:h:cisco:isr4351\/k9-ws:-:::::::*	cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4351\/k9-rf_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4331\/k9_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4351\/k9_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4321\/k9-rf_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4331\/k9-rf_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4351\/k9-ws_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4321\/k9_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4331\/k9-ws_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4321\/k9-ws_integrated_services_router:-:::::::*

Information

Published : 2020-09-24 18:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-3396

Mitre link : CVE-2020-3396

CVE.ORG link : CVE-2020-3396

JSON object : View

Products Affected

cisco

1100-6g_integrated_services_router
4331\/k9_integrated_services_router
catalyst_c9410r
1100-4gltena_integrated_services_router
catalyst_c9300-24u
4321\/k9-rf_integrated_services_router
asr_1001
catalyst_c9300-24s
asr_1006
catalyst_c9300-24t
catalyst_c9500-32c
catalyst_c9300l-24t-4g
catalyst_c9500-12q
catalyst_c9500-40x
catalyst_c9300-24p
catalyst_c9407r
catalyst_c9300l-24t-4x
asr_1002-x
catalyst_c9300l-48t-4x
1100-4gltegb_integrated_services_router
asr_1004
asr_1000-x
catalyst_c9300l-48t-4g
catalyst_c9500-24y4c
catalyst_c9500-32qc
csr1000v
catalyst_c9300-48uxm
catalyst_c9300l-48p-4g
catalyst_c9404r
catalyst_c9300-48u
catalyst_c9300-24ux
4321\/k9_integrated_services_router
catalyst_c9300-48s
ios_xe
catalyst_c9500-24q
1100-lte_integrated_services_router
asr_1023
4331\/k9-ws_integrated_services_router
asr_1001-x
asr_1013
catalyst_c9500-48y4c
4351\/k9-ws_integrated_services_router
catalyst_c9300l-24p-4x
4331\/k9-rf_integrated_services_router
4351\/k9_integrated_services_router
catalyst_c9300-48p
1100-4g_integrated_services_router
4321\/k9-ws_integrated_services_router
asr_1002
catalyst_c9300l-48p-4x
catalyst_c9500-16x
catalyst_c9300l-24p-4g
catalyst_c9300-48t
1100_integrated_services_router
catalyst_c9300-48un
4351\/k9-rf_integrated_services_router

CWE

CWE-269

Improper Privilege Management

CWE-284

Improper Access Control

7.2 /10