Cisco: CISCO-SA-IOS-LUA-RCE-7VEJX4F
History: Sep 24, 2020 - 4:00 p.m.

Cisco IOS XE Software Arbitrary Code Execution Vulnerability

2020-09-24 16:00:00
tools.cisco.com
15

EPSS: 0.0004 Low
Percentile: 5.1%

A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device.

The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lua-rce-7VeJX4f

Affected configurations

Vulners node: vendor cisco, product rvs4000_software, matching any of the following versions (OR):

3.7s, 3.8s, 3.9s, 3.10s, 3.11s, 3.12s, 3.13s, 3.14s, 3.15s, 3.16s, 3.17s, 16.2, 16.3, 16.4, 16.5, 16.6, 16.7, 16.8, 16.9, 16.10, 16.11, 16.12, 17.1, 17.2

3.7.0s, 3.7.1s, 3.7.2s, 3.7.3s, 3.7.4s, 3.7.5s, 3.7.6s, 3.7.7s, 3.7.8s, 3.7.4as, 3.7.2ts, 3.7.0bs

3.8.0s, 3.8.1s, 3.8.2s

3.9.1s, 3.9.0s, 3.9.2s, 3.9.0as

3.10.0s, 3.10.1s, 3.10.2s, 3.10.3s, 3.10.4s, 3.10.5s, 3.10.6s, 3.10.2as, 3.10.2ts, 3.10.7s, 3.10.8s, 3.10.8as, 3.10.9s, 3.10.10s

3.11.1s, 3.11.2s, 3.11.0s, 3.11.3s, 3.11.4s

3.12.0s, 3.12.1s, 3.12.2s, 3.12.3s, 3.12.0as, 3.12.4s

3.13.0s, 3.13.1s, 3.13.2s, 3.13.3s, 3.13.4s, 3.13.5s, 3.13.2as, 3.13.5as, 3.13.6s, 3.13.7s, 3.13.6as, 3.13.6bs, 3.13.7as, 3.13.8s, 3.13.9s, 3.13.10s

3.14.0s, 3.14.1s, 3.14.2s, 3.14.3s, 3.14.4s

3.15.0s, 3.15.1s, 3.15.2s, 3.15.1cs, 3.15.3s, 3.15.4s

3.16.0s, 3.16.1as, 3.16.2s, 3.16.0cs, 3.16.3s, 3.16.2bs, 3.16.4as, 3.16.4bs, 3.16.4gs, 3.16.5s, 3.16.4cs, 3.16.4ds, 3.16.4es, 3.16.6s, 3.16.5as, 3.16.5bs, 3.16.7s, 3.16.6bs, 3.16.7as, 3.16.7bs, 3.16.8s, 3.16.9s, 3.16.10s

3.17.0s, 3.17.1s, 3.17.2s, 3.17.1as, 3.17.3s, 3.17.4s

16.2.1, 16.2.2

16.3.1, 16.3.2, 16.3.3, 16.3.1a, 16.3.4, 16.3.5, 16.3.6, 16.3.7, 16.3.8, 16.3.9, 16.3.10

16.4.1, 16.4.2, 16.4.3

16.5.1, 16.5.1b, 16.5.2, 16.5.3

16.6.1, 16.6.2, 16.6.3, 16.6.4, 16.6.5, 16.6.4s, 16.6.6, 16.6.5b, 16.6.7, 16.6.7a, 16.6.8

16.7.1, 16.7.2, 16.7.3

16.8.1, 16.8.1a, 16.8.1s, 16.8.1c, 16.8.2, 16.8.3

16.9.1, 16.9.2, 16.9.1a, 16.9.1s, 16.9.3, 16.9.2s, 16.9.4, 16.9.3s, 16.9.5

16.10.1, 16.10.1a, 16.10.1b, 16.10.1s, 16.10.1e, 16.10.2, 16.10.3

16.11.1, 16.11.1a, 16.11.1b, 16.11.2, 16.11.1s, 16.11.1c

16.12.1, 16.12.1s, 16.12.1a, 16.12.1c, 16.12.2, 16.12.3, 16.12.2s, 16.12.1t, 16.12.2t

17.1.1, 17.1.1s, 17.1.1t, 17.2.1v
