A vulnerability has been found in Cisco FXOS (the affected version unknown) and classified as critical. This vulnerability affects an unknown part. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability.

The weakness was shared 09/04/2020 as cisco-sa-fxos-buffer-cSdmfWUt as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability was named CVE-2020-3545 since 12/12/2019. The attack needs to be approached locally. A single authentication is necessary for exploitation. There are neither technical details nor an exploit publicly available.

Upgrading eliminates this vulnerability.

Productinfo

Vendor

• Cisco

Name

• FXOS

License

• commercial

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion