Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3214

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device.

Published

2020-06-03T18:15:19.463

Last Modified

2024-11-21T05:30:34.543

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-264
Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe	16.11.1	Yes
Operating System	cisco	ios_xe	16.11.1a	Yes
Operating System	cisco	ios_xe	16.11.1b	Yes
Operating System	cisco	ios_xe	16.11.1c	Yes
Operating System	cisco	ios_xe	16.11.1s	Yes
Operating System	cisco	ios_xe	16.11.2	Yes
Operating System	cisco	ios_xe	16.12.1	Yes
Operating System	cisco	ios_xe	16.12.1a	Yes
Operating System	cisco	ios_xe	16.12.1c	Yes
Operating System	cisco	ios_xe	16.12.1s	Yes
Operating System	cisco	ios_xe	16.12.1t	Yes
Operating System	cisco	ios_xe	16.12.1w	Yes
Operating System	cisco	ios_xe	16.12.1x	Yes
Hardware	cisco	1100_integrated_services_router	-	No
Hardware	cisco	1101_integrated_services_router	-	No
Hardware	cisco	1109_integrated_services_router	-	No
Hardware	cisco	1111x_integrated_services_router	-	No
Hardware	cisco	111x_integrated_services_router	-	No
Hardware	cisco	1120_integrated_services_router	-	No
Hardware	cisco	1160_integrated_services_router	-	No
Hardware	cisco	422_integrated_services_router	-	No
Hardware	cisco	4331_integrated_services_router	-	No
Hardware	cisco	4431_integrated_services_router	-	No
Hardware	cisco	4461_integrated_services_router	-	No
Hardware	cisco	asr_1000-x	-	No
Hardware	cisco	asr_1001	-	No
Hardware	cisco	asr_1001-x	-	No
Hardware	cisco	asr_1002	-	No
Hardware	cisco	asr_1002-x	-	No
Hardware	cisco	asr_1004	-	No
Hardware	cisco	asr_1006	-	No
Hardware	cisco	asr_1013	-	No
Hardware	cisco	catalyst_9800-40	-	No
Hardware	cisco	catalyst_9800-80	-	No
Hardware	cisco	catalyst_9800-cl	-	No
Hardware	cisco	catalyst_9800-l	-	No
Hardware	cisco	catalyst_9800-l-c	-	No
Hardware	cisco	catalyst_9800-l-f	-	No
Hardware	cisco	catalyst_c9200-24p	-	No
Hardware	cisco	catalyst_c9200-24t	-	No
Hardware	cisco	catalyst_c9200-48p	-	No
Hardware	cisco	catalyst_c9200-48t	-	No
Hardware	cisco	catalyst_c9200l-24p-4g	-	No
Hardware	cisco	catalyst_c9200l-24p-4x	-	No
Hardware	cisco	catalyst_c9200l-24pxg-2y	-	No
Hardware	cisco	catalyst_c9200l-24pxg-4x	-	No
Hardware	cisco	catalyst_c9200l-24t-4g	-	No
Hardware	cisco	catalyst_c9200l-24t-4x	-	No
Hardware	cisco	catalyst_c9200l-48p-4g	-	No
Hardware	cisco	catalyst_c9200l-48p-4x	-	No
Hardware	cisco	catalyst_c9200l-48pxg-2y	-	No
Hardware	cisco	catalyst_c9200l-48pxg-4x	-	No
Hardware	cisco	catalyst_c9200l-48t-4g	-	No
Hardware	cisco	catalyst_c9200l-48t-4x	-	No
Hardware	cisco	catalyst_c9300-24p	-	No
Hardware	cisco	catalyst_c9300-24s	-	No
Hardware	cisco	catalyst_c9300-24t	-	No
Hardware	cisco	catalyst_c9300-24u	-	No
Hardware	cisco	catalyst_c9300-24ux	-	No
Hardware	cisco	catalyst_c9300-48p	-	No
Hardware	cisco	catalyst_c9300-48s	-	No
Hardware	cisco	catalyst_c9300-48t	-	No
Hardware	cisco	catalyst_c9300-48u	-	No
Hardware	cisco	catalyst_c9300-48un	-	No
Hardware	cisco	catalyst_c9300-48uxm	-	No
Hardware	cisco	catalyst_c9300l-24p-4g	-	No
Hardware	cisco	catalyst_c9300l-24p-4x	-	No
Hardware	cisco	catalyst_c9300l-24t-4g	-	No
Hardware	cisco	catalyst_c9300l-24t-4x	-	No
Hardware	cisco	catalyst_c9300l-48p-4g	-	No
Hardware	cisco	catalyst_c9300l-48p-4x	-	No
Hardware	cisco	catalyst_c9300l-48t-4g	-	No
Hardware	cisco	catalyst_c9300l-48t-4x	-	No
Hardware	cisco	catalyst_c9404r	-	No
Hardware	cisco	catalyst_c9407r	-	No
Hardware	cisco	catalyst_c9410r	-	No
Hardware	cisco	catalyst_c9500-12q	-	No
Hardware	cisco	catalyst_c9500-16x	-	No
Hardware	cisco	catalyst_c9500-24q	-	No
Hardware	cisco	catalyst_c9500-24y4c	-	No
Hardware	cisco	catalyst_c9500-32c	-	No
Hardware	cisco	catalyst_c9500-32qc	-	No
Hardware	cisco	catalyst_c9500-40x	-	No
Hardware	cisco	catalyst_c9500-48y4c	-	No
Hardware	cisco	nexus_1000v	-	No
Hardware	cisco	ws-c3650-12x48uq	-	No
Hardware	cisco	ws-c3650-12x48ur	-	No
Hardware	cisco	ws-c3650-12x48uz	-	No
Hardware	cisco	ws-c3650-24pd	-	No
Hardware	cisco	ws-c3650-24pdm	-	No
Hardware	cisco	ws-c3650-24ps	-	No
Hardware	cisco	ws-c3650-24td	-	No
Hardware	cisco	ws-c3650-24ts	-	No
Hardware	cisco	ws-c3650-48fd	-	No
Hardware	cisco	ws-c3650-48fq	-	No
Hardware	cisco	ws-c3650-48fqm	-	No
Hardware	cisco	ws-c3650-48fs	-	No
Hardware	cisco	ws-c3650-48pd	-	No
Hardware	cisco	ws-c3650-48pq	-	No
Hardware	cisco	ws-c3650-48ps	-	No
Hardware	cisco	ws-c3650-48td	-	No
Hardware	cisco	ws-c3650-48tq	-	No
Hardware	cisco	ws-c3650-48ts	-	No
Hardware	cisco	ws-c3650-8x24uq	-	No
Hardware	cisco	ws-c3850-12s	-	No
Hardware	cisco	ws-c3850-12x48u	-	No
Hardware	cisco	ws-c3850-12xs	-	No
Hardware	cisco	ws-c3850-24p	-	No
Hardware	cisco	ws-c3850-24s	-	No
Hardware	cisco	ws-c3850-24t	-	No
Hardware	cisco	ws-c3850-24u	-	No
Hardware	cisco	ws-c3850-24xs	-	No
Hardware	cisco	ws-c3850-24xu	-	No
Hardware	cisco	ws-c3850-48f	-	No
Hardware	cisco	ws-c3850-48p	-	No
Hardware	cisco	ws-c3850-48t	-	No
Hardware	cisco	ws-c3850-48u	-	No
Hardware	cisco	ws-c3850-48xs	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc2-A6jVRu7C Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc2-A6jVRu7C Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)