Lucene search

[email protected]CVE-2020-3214

HistoryJun 03, 2020 - 6:15 p.m.

CVE-2020-3214

2020-06-0318:15:19

CWE-20

CWE-264

[email protected]

web.nvd.nist.gov

cisco

ios xe software

vulnerability

cve-2020-3214

privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device.

Affected configurations

NVD

Node

ciscoios_xeMatch16.11.1

ciscoios_xeMatch16.11.1a

ciscoios_xeMatch16.11.1b

ciscoios_xeMatch16.11.1c

ciscoios_xeMatch16.11.1s

ciscoios_xeMatch16.11.2

ciscoios_xeMatch16.12.1

ciscoios_xeMatch16.12.1a

ciscoios_xeMatch16.12.1c

ciscoios_xeMatch16.12.1s

ciscoios_xeMatch16.12.1t

ciscoios_xeMatch16.12.1w

ciscoios_xeMatch16.12.1x

AND

cisco1100_integrated_services_routerMatch-

cisco1101_integrated_services_routerMatch-

cisco1109_integrated_services_routerMatch-

cisco1111x_integrated_services_routerMatch-

cisco111x_integrated_services_routerMatch-

cisco1120_integrated_services_routerMatch-

cisco1160_integrated_services_routerMatch-

cisco422_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

cisco4461_integrated_services_routerMatch-

ciscoasr_1000-xMatch-

ciscoasr_1001Match-

ciscoasr_1001-xMatch-

ciscoasr_1002Match-

ciscoasr_1002-xMatch-

ciscoasr_1004Match-

ciscoasr_1006Match-

ciscoasr_1013Match-

ciscocatalyst_9800-40Match-

ciscocatalyst_9800-80Match-

ciscocatalyst_9800-clMatch-

ciscocatalyst_9800-lMatch-

ciscocatalyst_9800-l-cMatch-

ciscocatalyst_9800-l-fMatch-

ciscocatalyst_c9200-24pMatch-

ciscocatalyst_c9200-24tMatch-

ciscocatalyst_c9200-48pMatch-

ciscocatalyst_c9200-48tMatch-

ciscocatalyst_c9200l-24p-4gMatch-

ciscocatalyst_c9200l-24p-4xMatch-

ciscocatalyst_c9200l-24pxg-2yMatch-

ciscocatalyst_c9200l-24pxg-4xMatch-

ciscocatalyst_c9200l-24t-4gMatch-

ciscocatalyst_c9200l-24t-4xMatch-

ciscocatalyst_c9200l-48p-4gMatch-

ciscocatalyst_c9200l-48p-4xMatch-

ciscocatalyst_c9200l-48pxg-2yMatch-

ciscocatalyst_c9200l-48pxg-4xMatch-

ciscocatalyst_c9200l-48t-4gMatch-

ciscocatalyst_c9200l-48t-4xMatch-

ciscocatalyst_c9300-24pMatch-

ciscocatalyst_c9300-24sMatch-

ciscocatalyst_c9300-24tMatch-

ciscocatalyst_c9300-24uMatch-

ciscocatalyst_c9300-24uxMatch-

ciscocatalyst_c9300-48pMatch-

ciscocatalyst_c9300-48sMatch-

ciscocatalyst_c9300-48tMatch-

ciscocatalyst_c9300-48uMatch-

ciscocatalyst_c9300-48unMatch-

ciscocatalyst_c9300-48uxmMatch-

ciscocatalyst_c9300l-24p-4gMatch-

ciscocatalyst_c9300l-24p-4xMatch-

ciscocatalyst_c9300l-24t-4gMatch-

ciscocatalyst_c9300l-24t-4xMatch-

ciscocatalyst_c9300l-48p-4gMatch-

ciscocatalyst_c9300l-48p-4xMatch-

ciscocatalyst_c9300l-48t-4gMatch-

ciscocatalyst_c9300l-48t-4xMatch-

ciscocatalyst_c9404rMatch-

ciscocatalyst_c9407rMatch-

ciscocatalyst_c9410rMatch-

ciscocatalyst_c9500-12qMatch-

ciscocatalyst_c9500-16xMatch-

ciscocatalyst_c9500-24qMatch-

ciscocatalyst_c9500-24y4cMatch-

ciscocatalyst_c9500-32cMatch-

ciscocatalyst_c9500-32qcMatch-

ciscocatalyst_c9500-40xMatch-

ciscocatalyst_c9500-48y4cMatch-

cisconexus_1000vMatch-

ciscows-c3650-12x48uqMatch-

ciscows-c3650-12x48urMatch-

ciscows-c3650-12x48uzMatch-

ciscows-c3650-24pdMatch-

ciscows-c3650-24pdmMatch-

ciscows-c3650-24psMatch-

ciscows-c3650-24tdMatch-

ciscows-c3650-24tsMatch-

ciscows-c3650-48fdMatch-

ciscows-c3650-48fqMatch-

ciscows-c3650-48fqmMatch-

ciscows-c3650-48fsMatch-

ciscows-c3650-48pdMatch-

ciscows-c3650-48pqMatch-

ciscows-c3650-48psMatch-

ciscows-c3650-48tdMatch-

ciscows-c3650-48tqMatch-

ciscows-c3650-48tsMatch-

ciscows-c3650-8x24uqMatch-

ciscows-c3850-12sMatch-

ciscows-c3850-12x48uMatch-

ciscows-c3850-12xsMatch-

ciscows-c3850-24pMatch-

ciscows-c3850-24sMatch-

ciscows-c3850-24tMatch-

ciscows-c3850-24uMatch-

ciscows-c3850-24xsMatch-

ciscows-c3850-24xuMatch-

ciscows-c3850-48fMatch-

ciscows-c3850-48pMatch-

ciscows-c3850-48tMatch-

ciscows-c3850-48uMatch-

ciscows-c3850-48xsMatch-

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq16.11.1
cisco:ios_xecisco ios xeeq16.11.1a
cisco:ios_xecisco ios xeeq16.11.1b
cisco:ios_xecisco ios xeeq16.11.1c
cisco:ios_xecisco ios xeeq16.11.1s
cisco:ios_xecisco ios xeeq16.11.2
cisco:ios_xecisco ios xeeq16.12.1
cisco:ios_xecisco ios xeeq16.12.1a
cisco:ios_xecisco ios xeeq16.12.1c
cisco:ios_xecisco ios xeeq16.12.1s

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	16.11.1
cisco:ios_xe	cisco ios xe	eq	16.11.1a
cisco:ios_xe	cisco ios xe	eq	16.11.1b
cisco:ios_xe	cisco ios xe	eq	16.11.1c
cisco:ios_xe	cisco ios xe	eq	16.11.1s
cisco:ios_xe	cisco ios xe	eq	16.11.2
cisco:ios_xe	cisco ios xe	eq	16.12.1
cisco:ios_xe	cisco ios xe	eq	16.12.1a
cisco:ios_xe	cisco ios xe	eq	16.12.1c
cisco:ios_xe	cisco ios xe	eq	16.12.1s

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "product": "Cisco IOS XE Software 16.11.1",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc2-A6jVRu7C

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-3214

cvelist1 cisco1 nessus1 nvd1 prion1