Privilege escalation in Cisco IOS XE Software IOx Application Hosting

Published: 2020-09-30

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2020-3393
CWE-ID	CWE-269
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Cisco IOS XE Operating systems & Components / Operating system
Vendor	Cisco Systems, Inc

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper Privilege Management

EUVDB-ID: #VU47208

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-3393

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to gain elevated privileges on the system.

The vulnerability exists in the application-hosting subsystem due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem . A local user can execute arbitrary CLI commands with root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco IOS XE: 16.12.1

CPE2.3

cpe:2.3:o:cisco_systems:cisco_ios_xe:16.12.1:*:*:*:*:*:*:*

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-iox-app-host-mcZcnsBt

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.