How severe is CVE-2020-3208?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2020-3208?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2020-3208 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15.

Related Vulnerabilities

CVE-2014-3752

MEDIUM

CVSS:6.7(Medium)

The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.

CWE-2642014

CVE-2015-3321

MEDIUM

CVSS:6.7(Medium)

Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.

CWE-2642015

CVE-2015-4045

MEDIUM

CVSS:6.7(Medium)

The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.

CWE-2642015

CVE-2015-8660

MEDIUM

CVSS:6.7(Medium)

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and mo...

CWE-2642015

CVE-2016-0905

MEDIUM

CVSS:6.7(Medium)

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.

CWE-2642016

CVE-2016-0908

MEDIUM

CVSS:6.7(Medium)

EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.

CWE-2642016