Lucene search

[email protected]CVE-2020-3219

HistoryJun 03, 2020 - 6:15 p.m.

CVE-2020-3219

2020-06-0318:15:19

CWE-20

CWE-77

[email protected]

web.nvd.nist.gov

cisco

ios xe

software

vulnerability

web ui

remote attacker

arbitrary commands

admin privileges

input validation

nvd

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

JSON

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.

Affected configurations

NVD

Node

ciscoios_xeMatch16.1.1

ciscoios_xeMatch16.1.2

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.2.2

ciscoios_xeMatch16.3.1

ciscoios_xeMatch16.3.1a

ciscoios_xeMatch16.3.2

ciscoios_xeMatch16.3.3

ciscoios_xeMatch16.3.4

ciscoios_xeMatch16.3.5

ciscoios_xeMatch16.3.5b

ciscoios_xeMatch16.3.6

ciscoios_xeMatch16.3.7

ciscoios_xeMatch16.3.8

ciscoios_xeMatch16.3.9

ciscoios_xeMatch16.3.10

ciscoios_xeMatch16.4.1

ciscoios_xeMatch16.4.2

ciscoios_xeMatch16.4.3

ciscoios_xeMatch16.5.1

ciscoios_xeMatch16.5.1a

ciscoios_xeMatch16.5.1b

ciscoios_xeMatch16.5.2

ciscoios_xeMatch16.5.3

ciscoios_xeMatch16.6.1

ciscoios_xeMatch16.6.2

ciscoios_xeMatch16.6.3

ciscoios_xeMatch16.6.4

ciscoios_xeMatch16.6.4a

ciscoios_xeMatch16.6.4s

ciscoios_xeMatch16.6.5

ciscoios_xeMatch16.6.5a

ciscoios_xeMatch16.6.5b

ciscoios_xeMatch16.6.6

ciscoios_xeMatch16.6.7

ciscoios_xeMatch16.6.7a

ciscoios_xeMatch16.7.1

ciscoios_xeMatch16.7.1a

ciscoios_xeMatch16.7.1b

ciscoios_xeMatch16.7.2

ciscoios_xeMatch16.7.3

ciscoios_xeMatch16.7.4

ciscoios_xeMatch16.8.1

ciscoios_xeMatch16.8.1a

ciscoios_xeMatch16.8.1b

ciscoios_xeMatch16.8.1c

ciscoios_xeMatch16.8.1d

ciscoios_xeMatch16.8.1e

ciscoios_xeMatch16.8.1s

ciscoios_xeMatch16.8.2

ciscoios_xeMatch16.8.3

ciscoios_xeMatch16.9.1

ciscoios_xeMatch16.9.1a

ciscoios_xeMatch16.9.1b

ciscoios_xeMatch16.9.1c

ciscoios_xeMatch16.9.1d

ciscoios_xeMatch16.9.1s

ciscoios_xeMatch16.9.2

ciscoios_xeMatch16.9.2a

ciscoios_xeMatch16.9.2s

ciscoios_xeMatch16.9.3

ciscoios_xeMatch16.9.3a

ciscoios_xeMatch16.9.3h

ciscoios_xeMatch16.9.3s

ciscoios_xeMatch16.9.4

ciscoios_xeMatch16.9.4c

ciscoios_xeMatch16.10.1

ciscoios_xeMatch16.10.1a

ciscoios_xeMatch16.10.1b

ciscoios_xeMatch16.10.1c

ciscoios_xeMatch16.10.1d

ciscoios_xeMatch16.10.1e

ciscoios_xeMatch16.10.1f

ciscoios_xeMatch16.10.1g

ciscoios_xeMatch16.10.1s

ciscoios_xeMatch16.10.2

ciscoios_xeMatch16.10.3

ciscoios_xeMatch16.11.1

ciscoios_xeMatch16.11.1a

ciscoios_xeMatch16.11.1b

ciscoios_xeMatch16.11.1c

ciscoios_xeMatch16.11.1s

ciscoios_xeMatch16.11.2

ciscoios_xeMatch16.12.1

ciscoios_xeMatch16.12.1a

ciscoios_xeMatch16.12.1c

ciscoios_xeMatch16.12.1s

ciscoios_xeMatch16.12.1t

ciscoios_xeMatch16.12.1w

ciscoios_xeMatch16.12.1x

ciscoios_xeMatch16.12.1y

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq16.1.1
cisco:ios_xecisco ios xeeq16.1.2
cisco:ios_xecisco ios xeeq16.1.3
cisco:ios_xecisco ios xeeq16.2.1
cisco:ios_xecisco ios xeeq16.2.2
cisco:ios_xecisco ios xeeq16.3.1
cisco:ios_xecisco ios xeeq16.3.1a
cisco:ios_xecisco ios xeeq16.3.2
cisco:ios_xecisco ios xeeq16.3.3
cisco:ios_xecisco ios xeeq16.3.4

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	16.1.1
cisco:ios_xe	cisco ios xe	eq	16.1.2
cisco:ios_xe	cisco ios xe	eq	16.1.3
cisco:ios_xe	cisco ios xe	eq	16.2.1
cisco:ios_xe	cisco ios xe	eq	16.2.2
cisco:ios_xe	cisco ios xe	eq	16.3.1
cisco:ios_xe	cisco ios xe	eq	16.3.1a
cisco:ios_xe	cisco ios xe	eq	16.3.2
cisco:ios_xe	cisco ios xe	eq	16.3.3
cisco:ios_xe	cisco ios xe	eq	16.3.4

Rows per page:

1-10 of 921

CNA Affected

[
  {
    "product": "Cisco IOS XE Software 16.1.1",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj2-fOnjk2LD

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for CVE-2020-3219

cvelist1 prion1 nvd1 nessus1 cisco1 ics1