{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T03:35:47.283","vulnerabilities":[{"cve":{"id":"CVE-2020-3223","sourceIdentifier":"psirt@cisco.com","published":"2020-06-03T18:15:20.357","lastModified":"2024-11-21T05:30:35.800","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system's filesystem."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de usuario basada en web (IU web) de Cisco IOS XE Software, podría permitir a un atacante remoto autenticado con privilegios administrativos leer archivos arbitrarios en el sistema de archivos subyacente del dispositivo. La vulnerabilidad es debido a una limitación insuficiente del alcance del archivo. Un atacante podría explotar esta vulnerabilidad al crear una referencia de archivo específica en el sistema de archivos y luego acceder a ella por medio de la Interfaz de Usuario web. Una explotación podría permitir al atacante leer archivos arbitrarios del sistema de archivos del sistema operativo subyacente."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV30":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:N/A:N","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*","matchCriteriaId":"E4BF9829-F80E-4837-A420-39B291C4E17B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.9.4c:*:*:*:*:*:*:*","matchCriteriaId":"D07F9539-CFBE-46F7-9F5E-93A68169797D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*","matchCriteriaId":"E91F8704-6DAD-474A-84EA-04E4AF7BB9B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*","matchCriteriaId":"314C7763-A64D-4023-9F3F-9A821AE4151F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*","matchCriteriaId":"5820D71D-FC93-45AA-BC58-A26A1A39C936"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*","matchCriteriaId":"FC1C85DD-69CC-4AA8-B219-651D57FC3506"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*","matchCriteriaId":"DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*","matchCriteriaId":"B53E377A-0296-4D7A-B97C-576B0026543D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*","matchCriteriaId":"C98DED36-D4B5-48D6-964E-EEEE97936700"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*","matchCriteriaId":"CD98C9E8-3EA6-4160-970D-37C389576516"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*","matchCriteriaId":"C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*","matchCriteriaId":"9027A528-2588-4C06-810B-5BB313FE4323"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*","matchCriteriaId":"7745ED34-D59D-49CC-B174-96BCA03B3374"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.12.1w:*:*:*:*:*:*:*","matchCriteriaId":"19AF4CF3-6E79-4EA3-974D-CD451A192BA9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.12.1y:*:*:*:*:*:*:*","matchCriteriaId":"93B96E01-3777-4C33-9225-577B469A6CE5"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-filerd-HngnDYGk","source":"psirt@cisco.com","tags":["Patch","Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-filerd-HngnDYGk","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}