Permissions, Privileges, and Access Controls in Cisco IOS XE - CVE-2020-3214
Published: June 8, 2020
Vulnerability identifier: #VU28795
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3214
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XE
Cisco IOS XE
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied content. A local user can load malicious software onto an affected device and gain elevated privileges.
This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco Cloud Services Router 1000V Series
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 3650 Series Switches
- Cisco 4000 Series Integrated Services Routers
- Cisco 1000 Series Integrated Services Routers
- Cisco Catalyst 9300 Series Switches
- Cisco Catalyst 9500 Series Switches
- Cisco Catalyst 9400 Series Switches
- Cisco 1100 Series Industrial Integrated Services Routers
- Cisco Catalyst 9200 Series Switches
- Cisco Catalyst 9600 Series Switches
- Cisco Catalyst 9800 Series Wireless Controllers
Remediation
Install updates from vendor's website.