CVE-2019-12670

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.

Published : 2019-09-25 21:15 Updated : 2019-10-09 23:46

4.6
CVSS Score More info
Score 4.6 / 10
4.6
Vendor Product Version URI
Cisco Ios 16.10.1 cpe:/o:cisco:ios:16.10.1
  1. Cisco (1) Search CVE
    1. Ios (1) Search CVE
      1. 16.10.1

CWE

ID Name Description Links
CWE-732 Incorrect Permission Assignment for Critical Resource The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CVE

History of changes

Date Event
2019-10-02 12:46
2019-09-25 21:32

New CVE