Lucene search

CiscoCVE-2020-3404

HistorySep 24, 2020 - 6:15 p.m.

CVE-2020-3404

2020-09-2418:15:18

CWE-863

cisco

web.nvd.nist.gov

cisco

ios xe

vulnerability

shell access

root privileges

authenticated attacker

nvd

cve-2020-3404

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges.

Affected configurations

Nvd

Node

ciscoios_xeMatch16.11.1

AND

cisco1100-4g_integrated_services_routerMatch-

cisco1100-4gltegb_integrated_services_routerMatch-

cisco1100-4gltena_integrated_services_routerMatch-

cisco1100-4p_integrated_services_routerMatch-

cisco1100-6g_integrated_services_routerMatch-

cisco1100-8p_integrated_services_routerMatch-

cisco1100-lte_integrated_services_routerMatch-

cisco1100_integrated_services_routerMatch-

cisco1101-4p_integrated_services_routerMatch-

cisco1101_integrated_services_routerMatch-

cisco1109-2p_integrated_services_routerMatch-

cisco1109-4p_integrated_services_routerMatch-

cisco1109_integrated_services_routerMatch-

cisco1111x-8p_integrated_services_routerMatch-

cisco1111x_integrated_services_routerMatch-

cisco111x_integrated_services_routerMatch-

cisco1120_integrated_services_routerMatch-

cisco1160_integrated_services_routerMatch-

cisco4221_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

cisco4451_integrated_services_routerMatch-

cisco4461_integrated_services_routerMatch-

ciscoasr_1000-xMatch-

ciscoasr_1001Match-

ciscoasr_1001-xMatch-

ciscoasr_1002Match-

ciscoasr_1002-xMatch-

ciscoasr_1004Match-

ciscoasr_1006Match-

ciscoasr_1013Match-

ciscoasr1001-hxMatch-

ciscoasr1001-hx-rfMatch-

ciscoasr1001-x-rfMatch-

ciscoasr1001-x-wsMatch-

ciscoasr1002-hxMatch-

ciscoasr1002-hx-rfMatch-

ciscoasr1002-hx-wsMatch-

ciscoasr1002-x-rfMatch-

ciscoasr1002-x-wsMatch-

ciscocatalyst_9800-40Match-

ciscocatalyst_9800-80Match-

ciscocatalyst_9800-clMatch-

ciscocatalyst_9800-lMatch-

ciscocatalyst_9800-l-cMatch-

ciscocatalyst_9800-l-fMatch-

ciscocatalyst_c9200-24pMatch-

ciscocatalyst_c9200-24tMatch-

ciscocatalyst_c9200-48pMatch-

ciscocatalyst_c9200-48tMatch-

ciscocatalyst_c9200l-24p-4gMatch-

ciscocatalyst_c9200l-24p-4xMatch-

ciscocatalyst_c9200l-24pxg-2yMatch-

ciscocatalyst_c9200l-24pxg-4xMatch-

ciscocatalyst_c9200l-24t-4gMatch-

ciscocatalyst_c9200l-24t-4xMatch-

ciscocatalyst_c9200l-48p-4gMatch-

ciscocatalyst_c9200l-48p-4xMatch-

ciscocatalyst_c9200l-48pxg-2yMatch-

ciscocatalyst_c9200l-48pxg-4xMatch-

ciscocatalyst_c9200l-48t-4gMatch-

ciscocatalyst_c9200l-48t-4xMatch-

ciscocatalyst_c9300-24pMatch-

ciscocatalyst_c9300-24sMatch-

ciscocatalyst_c9300-24tMatch-

ciscocatalyst_c9300-24uMatch-

ciscocatalyst_c9300-24uxMatch-

ciscocatalyst_c9300-48pMatch-

ciscocatalyst_c9300-48sMatch-

ciscocatalyst_c9300-48tMatch-

ciscocatalyst_c9300-48uMatch-

ciscocatalyst_c9300-48unMatch-

ciscocatalyst_c9300-48uxmMatch-

ciscocatalyst_c9300l-24p-4gMatch-

ciscocatalyst_c9300l-24p-4xMatch-

ciscocatalyst_c9300l-24t-4gMatch-

ciscocatalyst_c9300l-24t-4xMatch-

ciscocatalyst_c9300l-48p-4gMatch-

ciscocatalyst_c9300l-48p-4xMatch-

ciscocatalyst_c9300l-48t-4gMatch-

ciscocatalyst_c9300l-48t-4xMatch-

ciscocatalyst_c9404rMatch-

ciscocatalyst_c9407rMatch-

ciscocatalyst_c9410rMatch-

ciscocatalyst_c9500-12qMatch-

ciscocatalyst_c9500-16xMatch-

ciscocatalyst_c9500-24qMatch-

ciscocatalyst_c9500-24y4cMatch-

ciscocatalyst_c9500-32cMatch-

ciscocatalyst_c9500-32qcMatch-

ciscocatalyst_c9500-40xMatch-

ciscocatalyst_c9500-48y4cMatch-

ciscocsr_1000v

ciscows-c3650-12x48uqMatch-

ciscows-c3650-12x48urMatch-

ciscows-c3650-12x48uzMatch-

ciscows-c3650-24pdMatch-

ciscows-c3650-24pdmMatch-

ciscows-c3650-24psMatch-

ciscows-c3650-24tdMatch-

ciscows-c3650-24tsMatch-

ciscows-c3650-48fdMatch-

ciscows-c3650-48fqMatch-

ciscows-c3650-48fqmMatch-

ciscows-c3650-48fsMatch-

ciscows-c3650-48pdMatch-

ciscows-c3650-48pqMatch-

ciscows-c3650-48psMatch-

ciscows-c3650-48tdMatch-

ciscows-c3650-48tqMatch-

ciscows-c3650-48tsMatch-

ciscows-c3650-8x24uqMatch-

ciscows-c3850Match-

ciscows-c3850-12sMatch-

ciscows-c3850-12x48uMatch-

ciscows-c3850-12xsMatch-

ciscows-c3850-24pMatch-

ciscows-c3850-24sMatch-

ciscows-c3850-24tMatch-

ciscows-c3850-24uMatch-

ciscows-c3850-24xsMatch-

ciscows-c3850-24xuMatch-

ciscows-c3850-48fMatch-

ciscows-c3850-48pMatch-

ciscows-c3850-48tMatch-

ciscows-c3850-48uMatch-

ciscows-c3850-48xsMatch-

VendorProductVersionCPE
ciscoios_xe16.11.1cpe:2.3:a:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*
cisco1100-4g_integrated_services_router-cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100-4gltegb_integrated_services_router-cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100-4gltena_integrated_services_router-cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100-4p_integrated_services_router-cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100-6g_integrated_services_router-cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100-8p_integrated_services_router-cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100-lte_integrated_services_router-cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100_integrated_services_router-cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*
cisco1101-4p_integrated_services_router-cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	16.11.1	cpe:2.3:a:cisco:ios_xe:16.11.1:::::::*
cisco	1100-4g_integrated_services_router	-	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
cisco	1100-4gltegb_integrated_services_router	-	cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:::::::*
cisco	1100-4gltena_integrated_services_router	-	cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:::::::*
cisco	1100-4p_integrated_services_router	-	cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:::::::*
cisco	1100-6g_integrated_services_router	-	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*
cisco	1100-8p_integrated_services_router	-	cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:::::::*
cisco	1100-lte_integrated_services_router	-	cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:::::::*
cisco	1100_integrated_services_router	-	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
cisco	1101-4p_integrated_services_router	-	cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:::::::*

Rows per page:

1-10 of 1281

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ctbypass-7QHAfHkK

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-3404