CVE-2019-12672

CVSS v3 Score: 6.2 (Medium)
CVSS v2 Score: 7.2 (High)

Vulnerability Description

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device.

CVSS:6.2(Medium)

A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write an arbitrary file in another protected path during product installation....

CWE-59, 2020

CVSS:6.2(Medium)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link. IBM X-Force I...

CWE-59, 2020

CVSS:6.2(Medium)

UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafte...

CWE-59, 2020

CVSS:6.2(Medium)

A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue...

CWE-59, 2020

CVSS:6.2(Medium)

The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permiss...

CWE-59, 2025

CVSS:6.3(Medium)

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.

CWE-59, 2013