CVE-2020-3396
Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.
SSVC
- Decision: Track*
Timeline
- 2019-12-12 CVE Reserved
- 2020-09-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
- CWE-284: Improper Access Control
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 1100-4g Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 1100-4gltegb Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 1100-4gltena Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 1100-6g Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 1100-lte Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 1100 Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 4321/k9-rf Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 4321/k9-ws Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 4321/k9 Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 4331/k9-rf Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 4331/k9-ws Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 4331/k9 Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 4351/k9-rf Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 4351/k9-ws Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | 4351/k9 Integrated Services Router | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Asr 1000-x | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Asr 1001 | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Asr 1001-x | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Asr 1002 | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Asr 1002-x | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Asr 1004 | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Asr 1006 | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Asr 1013 | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Asr 1023 | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300-24p | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300-24s | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300-24t | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300-24u | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300-24ux | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300-48p | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300-48s | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300-48t | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300-48u | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300-48un | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300-48uxm | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300l-24p-4g | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300l-24p-4x | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300l-24t-4g | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300l-24t-4x | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300l-48p-4g | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300l-48p-4x | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300l-48t-4g | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9300l-48t-4x | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9404r | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9407r | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9410r | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9500-12q | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9500-16x | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9500-24q | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9500-24y4c | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9500-32c | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9500-32qc | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9500-40x | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Catalyst C9500-48y4c | - | - | Safe |
Cisco | Ios Xe | 16.12.1 | - | Affected | in | Cisco | Csr1000v | - | - | Safe |