Lucene search

CiscoCVELIST:CVE-2020-3141

HistorySep 24, 2020 - 6:02 p.m.

CVE-2020-3141 Cisco IOS XE Software Privilege Escalation Vulnerabilities

2020-09-2418:02:45

CWE-20

cisco

www.cve.org

cisco

ios xe

software

privilege escalation

vulnerabilities

web management

framework

authenticated

remote attacker

read-only privileges

administrator user

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.003

Percentile

65.6%

JSON

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CNA Affected

[
  {
    "product": "Cisco IOS XE Software 16.1.1",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.003

Percentile

65.6%

JSON

Related for CVELIST:CVE-2020-3141