Main Vulnerability Database Vulnerabilities #VU28760

#VU28760 Command Injection in Cisco IOS XE - CVE-2020-3219

Published: June 5, 2020

Vulnerability identifier: #VU28760

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-3219

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the system.

The vulnerability exists due to improper input sanitization in the web UI. A remote authenticated attacker can submit a specially crafted input and execute arbitrary commands on the target system.

This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:

Cisco Catalyst 3850 Series Switches
Cisco Catalyst 3650 Series Switches
Cisco Catalyst 9300 Series Switches
Cisco Catalyst 9500 Series Switches
Cisco Catalyst 9200 Series Switches

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj2-fOnjk2LD

#VU28760 Command Injection in Cisco IOS XE - CVE-2020-3219

Description

Remediation

External links

Please verify you're human