Main Vulnerability Database Vulnerabilities #VU28762

#VU28762 Input validation error in Cisco IOS XE - CVE-2020-3218

Published: June 5, 2020

Vulnerability identifier: #VU28762

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-3218

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote user to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the web UI. A remote administrator can first create a malicious file on the affected device itself, then upload a second malicious file to the device and execute arbitrary code on the target system.

This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:

Cisco Catalyst 3850 Series Switches
Cisco Catalyst 3650 Series Switches
Cisco Catalyst 9300 Series Switches
Cisco Catalyst 9500 Series Switches
Cisco Catalyst 9200 Series Switches

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-rce-uk8BXcUD

#VU28762 Input validation error in Cisco IOS XE - CVE-2020-3218

Description

Remediation

External links

Please verify you're human