var-202003-1178
Vulnerability from variot
A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, which could result in a complete system compromise. (DoS) It may be put into a state. Cisco Remote PHY 120 is a remote PHY (port physical layer) device from Cisco in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "remote phy 220",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "remote phy shelf 7200",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "remote phy 120",
"scope": "eq",
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "remote phy 120",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "remote phy 220",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "remote phy shelf 7200",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "remote phy 120",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "remote phy release",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "120\u003c7.7"
},
{
"model": "remote phy all versions",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "220"
},
{
"model": "remote phy shelf all versions",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7200"
},
{
"model": "remote phy shelf 7200",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "remote phy 220",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19234"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-163"
},
{
"db": "NVD",
"id": "CVE-2020-3176"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:remote_phy_120_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:remote_phy_220_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:remote_phy_shelf_7200_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002424"
}
]
},
"cve": "CVE-2020-3176",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3176",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-002424",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.5,
"id": "CNVD-2020-19234",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2020-3176",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2020-3176",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-002424",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3176",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3176",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-002424",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19234",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-163",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19234"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-163"
},
{
"db": "NVD",
"id": "CVE-2020-3176"
},
{
"db": "NVD",
"id": "CVE-2020-3176"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, which could result in a complete system compromise. (DoS) It may be put into a state. Cisco Remote PHY 120 is a remote PHY (port physical layer) device from Cisco in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3176"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002424"
},
{
"db": "CNVD",
"id": "CNVD-2020-19234"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3176",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002424",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-19234",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0808",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-163",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19234"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-163"
},
{
"db": "NVD",
"id": "CVE-2020-3176"
}
]
},
"id": "VAR-202003-1178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19234"
}
],
"trust": 1.4333333499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19234"
}
]
},
"last_update_date": "2024-11-23T22:05:46.284000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rphy-cmdinject-DpEjeTgF",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rphy-cmdinject-DpEjeTgF"
},
{
"title": "Patch for Cisco Remote PHY 120, Remote PHY 220, and Remote PHY Shelf 7200 command injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/210731"
},
{
"title": "Cisco Remote PHY 120 , Remote PHY 220 and Remote PHY Shelf 7200 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111606"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19234"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-163"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
},
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002424"
},
{
"db": "NVD",
"id": "CVE-2020-3176"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3176"
},
{
"trust": 1.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rphy-cmdinject-dpejetgf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3176"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0808/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19234"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-163"
},
{
"db": "NVD",
"id": "CVE-2020-3176"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-19234"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002424"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-163"
},
{
"db": "NVD",
"id": "CVE-2020-3176"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19234"
},
{
"date": "2020-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002424"
},
{
"date": "2020-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-163"
},
{
"date": "2020-03-04T19:15:13.040000",
"db": "NVD",
"id": "CVE-2020-3176"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19234"
},
{
"date": "2020-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002424"
},
{
"date": "2020-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-163"
},
{
"date": "2024-11-21T05:30:29.177000",
"db": "NVD",
"id": "CVE-2020-3176"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-163"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Remote PHY In device software OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002424"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-163"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.