CVE-2020-3152
MEDIUM
Cisco Connected Mobile Experiences - Authenticated Privilege Escalation via CLI Command Injection
Title source: llm
Description
A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials.
References (1)
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-prvesc-6g37hjAL
Scores
CVSS v3: 6.7
EPSS: 0.0002
EPSS Percentile: 4.7%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-275, CWE-276
Status: published
Products (3)
cisco/connected_mobile_experiences 10.6.0
cisco/connected_mobile_experiences 10.6.1
cisco/connected_mobile_experiences 10.6.2
Published: Aug 26, 2020
Tracked Since: Feb 18, 2026