{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T04:32:50.410","vulnerabilities":[{"cve":{"id":"CVE-2020-3152","sourceIdentifier":"psirt@cisco.com","published":"2020-08-26T17:15:13.193","lastModified":"2024-11-21T05:30:26.070","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials."},{"lang":"es","value":"Una vulnerabilidad en Cisco Connected Mobile Experiences (CMX) podría permitir a un atacante autenticado local con credenciales administrativas ejecutar comandos arbitrarios con privilegios root. La vulnerabilidad es debido a permisos de usuario inapropiados que están configurados por defecto en un sistema afectado. Un atacante podría explotar esta vulnerabilidad mediante el envío de comandos diseñados hacia la CLI. Una explotación con éxito podría permitir a un atacante elevar los privilegios y ejecutar comandos arbitrarios en el sistema operativo subyacente como root. Para explotar esta vulnerabilidad, un atacante necesitaría tener credenciales administrativas válidas"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-275"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:connected_mobile_experiences:10.6.0:*:*:*:*:*:*:*","matchCriteriaId":"46B3BCD8-4F1F-4503-9427-1787B7B5B112"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:connected_mobile_experiences:10.6.1:*:*:*:*:*:*:*","matchCriteriaId":"A4548832-9572-4CBF-B77F-1A72ABAF2910"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:connected_mobile_experiences:10.6.2:*:*:*:*:*:*:*","matchCriteriaId":"3B8CAC5F-18EF-446B-9A69-A5AB70EA753A"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-prvesc-6g37hjAL","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-prvesc-6g37hjAL","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}