Lucene search

[email protected]CVE-2020-3207

HistoryJun 03, 2020 - 6:15 p.m.

CVE-2020-3207

2020-06-0318:15:18

CWE-78

CWE-77

[email protected]

web.nvd.nist.gov

cisco

ios xe

software

vulnerability

local attacker

command injection

device boot

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges.

Affected configurations

NVD

Node

ciscoios_xeMatch16.9.2

ciscoios_xeMatch16.9.2a

ciscoios_xeMatch16.9.2s

ciscoios_xeMatch16.9.3

ciscoios_xeMatch16.9.3a

ciscoios_xeMatch16.9.3h

ciscoios_xeMatch16.9.3s

ciscoios_xeMatch16.9.4

ciscoios_xeMatch16.10.1

ciscoios_xeMatch16.10.1e

ciscoios_xeMatch16.10.1s

ciscoios_xeMatch16.11.1

ciscoios_xeMatch16.11.1a

ciscoios_xeMatch16.11.1b

ciscoios_xeMatch16.11.1c

ciscoios_xeMatch16.11.1s

ciscoios_xeMatch16.12.1

ciscoios_xeMatch16.12.1c

ciscoios_xeMatch16.12.1s

AND

ciscocatalyst_3650-12x48uqMatch-

ciscocatalyst_3650-12x48urMatch-

ciscocatalyst_3650-12x48uzMatch-

ciscocatalyst_3650-24pdMatch-

ciscocatalyst_3650-24pdmMatch-

ciscocatalyst_3650-48fqMatch-

ciscocatalyst_3650-48fqmMatch-

ciscocatalyst_3650-8x24uqMatch-

ciscocatalyst_3850-24xsMatch-

ciscocatalyst_3850-48xsMatch-

ciscocatalyst_3850-nm-2-40gMatch-

ciscocatalyst_3850-nm-8-10gMatch-

ciscocatalyst_c9200-24pMatch-

ciscocatalyst_c9200-24tMatch-

ciscocatalyst_c9200-48pMatch-

ciscocatalyst_c9200-48tMatch-

ciscocatalyst_c9200l-24p-4gMatch-

ciscocatalyst_c9200l-24p-4xMatch-

ciscocatalyst_c9200l-24pxg-2yMatch-

ciscocatalyst_c9200l-24pxg-4xMatch-

ciscocatalyst_c9200l-24t-4gMatch-

ciscocatalyst_c9200l-24t-4xMatch-

ciscocatalyst_c9200l-48p-4gMatch-

ciscocatalyst_c9200l-48p-4xMatch-

ciscocatalyst_c9200l-48pxg-2yMatch-

ciscocatalyst_c9200l-48pxg-4xMatch-

ciscocatalyst_c9200l-48t-4gMatch-

ciscocatalyst_c9200l-48t-4xMatch-

ciscocatalyst_c9300-24pMatch-

ciscocatalyst_c9300-24sMatch-

ciscocatalyst_c9300-24tMatch-

ciscocatalyst_c9300-24uMatch-

ciscocatalyst_c9300-24uxMatch-

ciscocatalyst_c9300-48pMatch-

ciscocatalyst_c9300-48sMatch-

ciscocatalyst_c9300-48tMatch-

ciscocatalyst_c9300-48uMatch-

ciscocatalyst_c9300-48unMatch-

ciscocatalyst_c9300-48uxmMatch-

ciscocatalyst_c9300l-24p-4gMatch-

ciscocatalyst_c9300l-24p-4xMatch-

ciscocatalyst_c9300l-24t-4gMatch-

ciscocatalyst_c9300l-24t-4xMatch-

ciscocatalyst_c9300l-48p-4gMatch-

ciscocatalyst_c9300l-48p-4xMatch-

ciscocatalyst_c9300l-48t-4gMatch-

ciscocatalyst_c9300l-48t-4xMatch-

ciscocatalyst_c9500-12qMatch-

ciscocatalyst_c9500-16xMatch-

ciscocatalyst_c9500-24qMatch-

ciscocatalyst_c9500-24y4cMatch-

ciscocatalyst_c9500-32cMatch-

ciscocatalyst_c9500-32qcMatch-

ciscocatalyst_c9500-40xMatch-

ciscocatalyst_c9500-48y4cMatch-

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq16.9.2
cisco:ios_xecisco ios xeeq16.9.2a
cisco:ios_xecisco ios xeeq16.9.2s
cisco:ios_xecisco ios xeeq16.9.3
cisco:ios_xecisco ios xeeq16.9.3a
cisco:ios_xecisco ios xeeq16.9.3h
cisco:ios_xecisco ios xeeq16.9.3s
cisco:ios_xecisco ios xeeq16.9.4
cisco:ios_xecisco ios xeeq16.10.1
cisco:ios_xecisco ios xeeq16.10.1e

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	16.9.2
cisco:ios_xe	cisco ios xe	eq	16.9.2a
cisco:ios_xe	cisco ios xe	eq	16.9.2s
cisco:ios_xe	cisco ios xe	eq	16.9.3
cisco:ios_xe	cisco ios xe	eq	16.9.3a
cisco:ios_xe	cisco ios xe	eq	16.9.3h
cisco:ios_xe	cisco ios xe	eq	16.9.3s
cisco:ios_xe	cisco ios xe	eq	16.9.4
cisco:ios_xe	cisco ios xe	eq	16.10.1
cisco:ios_xe	cisco ios xe	eq	16.10.1e

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "product": "Cisco IOS XE Software 16.9.2",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ngwc-cmdinj-KEwWVWR

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2020-3207

cvelist1 prion1 nvd1 nessus1 cisco1