Lucene search

[email protected]CVE-2020-3213

HistoryJun 03, 2020 - 6:15 p.m.

CVE-2020-3213

2020-06-0318:15:19

CWE-264

[email protected]

web.nvd.nist.gov

cisco

ios xe

rommon

vulnerability

privilege escalation

nvd

cve-2020-3213

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute arbitrary commands with the privileges of the root user.

Affected configurations

NVD

Node

ciscoios_xeMatch3.8.0s

ciscoios_xeMatch3.8.1s

ciscoios_xeMatch3.8.2s

ciscoios_xeMatch3.9.0as

ciscoios_xeMatch3.9.0s

ciscoios_xeMatch3.9.1as

ciscoios_xeMatch3.9.1s

ciscoios_xeMatch3.9.2s

ciscoios_xeMatch3.10.0s

ciscoios_xeMatch3.10.1s

ciscoios_xeMatch3.10.2as

ciscoios_xeMatch3.10.2s

ciscoios_xeMatch3.10.2ts

ciscoios_xeMatch3.10.3s

ciscoios_xeMatch3.10.4s

ciscoios_xeMatch3.10.5s

ciscoios_xeMatch3.10.6s

ciscoios_xeMatch3.10.7s

ciscoios_xeMatch3.10.8as

ciscoios_xeMatch3.10.8s

ciscoios_xeMatch3.10.9s

ciscoios_xeMatch3.10.10s

ciscoios_xeMatch3.11.0s

ciscoios_xeMatch3.11.1s

ciscoios_xeMatch3.11.2s

ciscoios_xeMatch3.11.3s

ciscoios_xeMatch3.11.4s

ciscoios_xeMatch3.12.0as

ciscoios_xeMatch3.12.0s

ciscoios_xeMatch3.12.1s

ciscoios_xeMatch3.12.2s

ciscoios_xeMatch3.12.3s

ciscoios_xeMatch3.12.4s

ciscoios_xeMatch3.13.0as

ciscoios_xeMatch3.13.0s

ciscoios_xeMatch3.13.1s

ciscoios_xeMatch3.13.2as

ciscoios_xeMatch3.13.2s

ciscoios_xeMatch3.13.3s

ciscoios_xeMatch3.13.4s

ciscoios_xeMatch3.13.5as

ciscoios_xeMatch3.13.5s

ciscoios_xeMatch3.13.6as

ciscoios_xeMatch3.13.6bs

ciscoios_xeMatch3.13.6s

ciscoios_xeMatch3.13.7as

ciscoios_xeMatch3.13.7s

ciscoios_xeMatch3.13.8s

ciscoios_xeMatch3.13.9s

ciscoios_xeMatch3.13.10s

ciscoios_xeMatch3.14.0s

ciscoios_xeMatch3.14.1s

ciscoios_xeMatch3.14.2s

ciscoios_xeMatch3.14.3s

ciscoios_xeMatch3.14.4s

ciscoios_xeMatch3.15.0s

ciscoios_xeMatch3.15.1cs

ciscoios_xeMatch3.15.1s

ciscoios_xeMatch3.15.2s

ciscoios_xeMatch3.15.3s

ciscoios_xeMatch3.15.4s

ciscoios_xeMatch3.16.0as

ciscoios_xeMatch3.16.0bs

ciscoios_xeMatch3.16.0cs

ciscoios_xeMatch3.16.0s

ciscoios_xeMatch3.16.1as

ciscoios_xeMatch3.16.2as

ciscoios_xeMatch3.16.2bs

ciscoios_xeMatch3.16.2s

ciscoios_xeMatch3.16.3as

ciscoios_xeMatch3.16.3s

ciscoios_xeMatch3.16.4as

ciscoios_xeMatch3.16.4bs

ciscoios_xeMatch3.16.4cs

ciscoios_xeMatch3.16.4ds

ciscoios_xeMatch3.16.4es

ciscoios_xeMatch3.16.4gs

ciscoios_xeMatch3.16.4s

ciscoios_xeMatch3.16.5as

ciscoios_xeMatch3.16.5bs

ciscoios_xeMatch3.16.5s

ciscoios_xeMatch3.16.6bs

ciscoios_xeMatch3.16.6s

ciscoios_xeMatch3.16.7as

ciscoios_xeMatch3.16.7bs

ciscoios_xeMatch3.16.7s

ciscoios_xeMatch3.16.8s

ciscoios_xeMatch3.16.9s

ciscoios_xeMatch3.16.10s

ciscoios_xeMatch3.17.0s

ciscoios_xeMatch3.17.1as

ciscoios_xeMatch3.17.1s

ciscoios_xeMatch3.17.2s

ciscoios_xeMatch3.17.3s

ciscoios_xeMatch3.17.4s

ciscoios_xeMatch3.18.0s

ciscoios_xeMatch3.18.0sp

ciscoios_xeMatch3.18.1bsp

ciscoios_xeMatch3.18.1csp

ciscoios_xeMatch3.18.1gsp

ciscoios_xeMatch3.18.1hsp

ciscoios_xeMatch3.18.1isp

ciscoios_xeMatch3.18.1s

ciscoios_xeMatch3.18.1sp

ciscoios_xeMatch3.18.2s

ciscoios_xeMatch3.18.2sp

ciscoios_xeMatch3.18.3s

ciscoios_xeMatch3.18.3sp

ciscoios_xeMatch3.18.4s

ciscoios_xeMatch3.18.4sp

ciscoios_xeMatch3.18.5sp

ciscoios_xeMatch3.18.6sp

ciscoios_xeMatch3.18.7sp

ciscoios_xeMatch3.18.8sp

ciscoios_xeMatch16.1.1

ciscoios_xeMatch16.1.2

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.2.2

ciscoios_xeMatch16.3.1

ciscoios_xeMatch16.3.1a

ciscoios_xeMatch16.3.2

ciscoios_xeMatch16.3.3

ciscoios_xeMatch16.3.4

ciscoios_xeMatch16.3.5

ciscoios_xeMatch16.3.5b

ciscoios_xeMatch16.3.6

ciscoios_xeMatch16.3.7

ciscoios_xeMatch16.3.8

ciscoios_xeMatch16.3.9

ciscoios_xeMatch16.4.1

ciscoios_xeMatch16.4.2

ciscoios_xeMatch16.4.3

ciscoios_xeMatch16.5.1

ciscoios_xeMatch16.5.1a

ciscoios_xeMatch16.5.1b

ciscoios_xeMatch16.5.2

ciscoios_xeMatch16.5.3

ciscoios_xeMatch16.6.1

ciscoios_xeMatch16.6.2

ciscoios_xeMatch16.6.3

ciscoios_xeMatch16.6.4

ciscoios_xeMatch16.6.4a

ciscoios_xeMatch16.6.4s

ciscoios_xeMatch16.6.5

ciscoios_xeMatch16.6.5a

ciscoios_xeMatch16.6.5b

ciscoios_xeMatch16.6.6

ciscoios_xeMatch16.6.7

ciscoios_xeMatch16.6.7a

ciscoios_xeMatch16.7.1

ciscoios_xeMatch16.7.2

ciscoios_xeMatch16.7.3

ciscoios_xeMatch16.8.1

ciscoios_xeMatch16.8.1a

ciscoios_xeMatch16.8.1b

ciscoios_xeMatch16.8.1c

ciscoios_xeMatch16.8.1s

ciscoios_xeMatch16.8.2

ciscoios_xeMatch16.8.3

ciscoios_xeMatch16.9.1

ciscoios_xeMatch16.9.1a

ciscoios_xeMatch16.9.1b

ciscoios_xeMatch16.9.1c

ciscoios_xeMatch16.9.1d

ciscoios_xeMatch16.9.1s

ciscoios_xeMatch16.9.2

ciscoios_xeMatch16.9.2a

ciscoios_xeMatch16.9.2s

ciscoios_xeMatch16.9.3

ciscoios_xeMatch16.9.3a

ciscoios_xeMatch16.9.3h

ciscoios_xeMatch16.9.3s

ciscoios_xeMatch16.9.4

ciscoios_xeMatch16.9.4c

ciscoios_xeMatch16.10.1

ciscoios_xeMatch16.10.1a

ciscoios_xeMatch16.10.1b

ciscoios_xeMatch16.10.1e

ciscoios_xeMatch16.10.1s

ciscoios_xeMatch16.10.2

ciscoios_xeMatch16.11.1

ciscoios_xeMatch16.11.1a

ciscoios_xeMatch16.11.1b

ciscoios_xeMatch16.11.1c

ciscoios_xeMatch16.11.1s

ciscoios_xeMatch16.11.2

ciscoios_xeMatch16.12.1

ciscoios_xeMatch16.12.1a

ciscoios_xeMatch16.12.1c

ciscoios_xeMatch16.12.1s

ciscoios_xeMatch16.12.1t

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq3.8.0s
cisco:ios_xecisco ios xeeq3.8.1s
cisco:ios_xecisco ios xeeq3.8.2s
cisco:ios_xecisco ios xeeq3.9.0as
cisco:ios_xecisco ios xeeq3.9.0s
cisco:ios_xecisco ios xeeq3.9.1as
cisco:ios_xecisco ios xeeq3.9.1s
cisco:ios_xecisco ios xeeq3.9.2s
cisco:ios_xecisco ios xeeq3.10.0s
cisco:ios_xecisco ios xeeq3.10.1s

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	3.8.0s
cisco:ios_xe	cisco ios xe	eq	3.8.1s
cisco:ios_xe	cisco ios xe	eq	3.8.2s
cisco:ios_xe	cisco ios xe	eq	3.9.0as
cisco:ios_xe	cisco ios xe	eq	3.9.0s
cisco:ios_xe	cisco ios xe	eq	3.9.1as
cisco:ios_xe	cisco ios xe	eq	3.9.1s
cisco:ios_xe	cisco ios xe	eq	3.9.2s
cisco:ios_xe	cisco ios xe	eq	3.10.0s
cisco:ios_xe	cisco ios xe	eq	3.10.1s

Rows per page:

1-10 of 1921

CNA Affected

[
  {
    "product": "Cisco IOS XE Software 3.8.0S",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc3-GMgnGCHx

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-3213

nessus1 cisco1 prion1 cvelist1 nvd1