CVE-2020-3396

Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability

  • Severity Score: 7.2 (CVSS v3.1)
  • Exploit Likelihood: (EPSS)
  • Affected Versions: (CPE)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.


*Credits: N/A
CVSS Scores

  • Attack Vector: Physical
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Physical
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: None

  • Attack Vector: Local
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-12-12 CVE Reserved
  • 2020-09-24 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | In: Vendor | Product | Version / Other | Status |
|---|---|---|---|---|---|---|---|---|
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 1100-4g Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 1100-4gltegb Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 1100-4gltena Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 1100-6g Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 1100-lte Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 1100 Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 4321/k9-rf Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 4321/k9-ws Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 4321/k9 Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 4331/k9-rf Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 4331/k9-ws Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 4331/k9 Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 4351/k9-rf Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 4351/k9-ws Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | 4351/k9 Integrated Services Router | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Asr 1000-x | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Asr 1001 | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Asr 1001-x | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Asr 1002 | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Asr 1002-x | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Asr 1004 | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Asr 1006 | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Asr 1013 | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Asr 1023 | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300-24p | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300-24s | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300-24t | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300-24u | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300-24ux | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300-48p | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300-48s | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300-48t | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300-48u | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300-48un | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300-48uxm | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300l-24p-4g | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300l-24p-4x | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300l-24t-4g | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300l-24t-4x | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300l-48p-4g | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300l-48p-4x | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300l-48t-4g | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9300l-48t-4x | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9404r | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9407r | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9410r | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9500-12q | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9500-16x | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9500-24q | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9500-24y4c | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9500-32c | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9500-32qc | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9500-40x | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Catalyst C9500-48y4c | -- | Safe |
| Cisco | Ios Xe | 16.12.1 | - | Affected | Cisco | Csr1000v | -- | Safe |