#VU28562 Improper access control in Cisco IOS XE - CVE-2020-3222

Cybersecurity Help s.r.o.

Published: 2020-06-04

Vulnerability identifier: #VU28562

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-3222

CWE-ID: CWE-284

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Cisco IOS XE
Operating systems & Components / Operating system

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the presence of a proxy service at a specific endpoint of the web UI. A remote attacker on the local network can connect to the proxy service and bypass access restrictions on the network by proxying their access request through the management network of the affected device.

This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:

Cisco Catalyst 3850 Series Switches
Cisco Catalyst 3650 Series Switches
Cisco Catalyst 9300 Series Switches
Cisco Catalyst 9500 Series Switches
Cisco Catalyst 9200 Series Switches

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco IOS XE: Gibraltar 16.11.1

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-unauthprxy-KXXsbWh

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cisco IOS XE Software