What is CVE-2020-3478?

CVE-2020-3478 is a high-severity vulnerability in Cisco Enterprise Nfv Infrastructure Software, classified under Improper Input Validation. CVSS score: 8.1/10. Published 2020-09-04.

How severe is CVE-2020-3478?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2020-3478 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Cisco Enterprise Nfv Infrastructure Software

CVE-2020-3478

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to i…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.005 (68.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H.

Affected products

Cisco Enterprise Nfv Infrastructure Software — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

404notf0und/CVE-Flow

References

20200902 Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3478?: CVE-2020-3478 is a high-severity vulnerability in Cisco Enterprise Nfv Infrastructure Software, classified under Improper Input Validation. CVSS score: 8.1/10. Published 2020-09-04.
How severe is CVE-2020-3478?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2020-3478 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.