Permissions, Privileges, and Access Controls in Cisco IOS XE - CVE-2020-3213
Published: June 8, 2020
Vulnerability identifier: #VU28794
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3213
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XE
Cisco IOS XE
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. A local Priv15 user can send specially crafted parameters and execute arbitrary commands with the privileges of the root user.
This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco Cloud Services Router 1000V Series
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 3650 Series Switches
- Cisco 4000 Series Integrated Services Routers
- Cisco 1000 Series Integrated Services Routers
- Cisco Catalyst 9300 Series Switches
- Cisco Catalyst 9500 Series Switches
- Cisco Catalyst 9400 Series Switches
- Cisco 1100 Series Industrial Integrated Services Routers
- Cisco Catalyst 9200 Series Switches
- Cisco Catalyst 9600 Series Switches
- Cisco Catalyst 9800 Series Wireless Controllers
Remediation
Install updates from vendor's website.