Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3474

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

Published

2020-09-24T18:15:19.637

Last Modified

2024-11-21T05:31:08.583

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe	-	Yes
Hardware	cisco	1100_integrated_services_router	-	No
Hardware	cisco	1101_integrated_services_router	-	No
Hardware	cisco	1109_integrated_services_router	-	No
Hardware	cisco	1111x_integrated_services_router	-	No
Hardware	cisco	111x_integrated_services_router	-	No
Hardware	cisco	1120_integrated_services_router	-	No
Hardware	cisco	1160_integrated_services_router	-	No
Hardware	cisco	asr_1001-hx	-	No
Hardware	cisco	asr_1001-x	-	No
Hardware	cisco	asr_1002-hx	-	No
Hardware	cisco	asr_1002-x	-	No
Hardware	cisco	asr_1004	-	No
Hardware	cisco	asr_1006	-	No
Hardware	cisco	asr_1006-x	-	No
Hardware	cisco	asr_1009-x	-	No
Hardware	cisco	asr_1013	-	No
Hardware	cisco	catalyst_9800-40	-	No
Hardware	cisco	catalyst_9800-80	-	No
Hardware	cisco	catalyst_9800-cl	-	No
Hardware	cisco	catalyst_9800-l	-	No
Hardware	cisco	catalyst_9800-l-c	-	No
Hardware	cisco	catalyst_9800-l-f	-	No
Hardware	cisco	catalyst_c9200-24p	-	No
Hardware	cisco	catalyst_c9200-24t	-	No
Hardware	cisco	catalyst_c9200-48p	-	No
Hardware	cisco	catalyst_c9200-48t	-	No
Hardware	cisco	catalyst_c9200l-24p-4g	-	No
Hardware	cisco	catalyst_c9200l-24p-4x	-	No
Hardware	cisco	catalyst_c9200l-24pxg-2y	-	No
Hardware	cisco	catalyst_c9200l-24pxg-4x	-	No
Hardware	cisco	catalyst_c9200l-24t-4g	-	No
Hardware	cisco	catalyst_c9200l-24t-4x	-	No
Hardware	cisco	catalyst_c9200l-48p-4g	-	No
Hardware	cisco	catalyst_c9200l-48p-4x	-	No
Hardware	cisco	catalyst_c9200l-48pxg-2y	-	No
Hardware	cisco	catalyst_c9200l-48pxg-4x	-	No
Hardware	cisco	catalyst_c9200l-48t-4g	-	No
Hardware	cisco	catalyst_c9200l-48t-4x	-	No
Hardware	cisco	catalyst_c9300-24p	-	No
Hardware	cisco	catalyst_c9300-24s	-	No
Hardware	cisco	catalyst_c9300-24t	-	No
Hardware	cisco	catalyst_c9300-24u	-	No
Hardware	cisco	catalyst_c9300-24ux	-	No
Hardware	cisco	catalyst_c9300-48p	-	No
Hardware	cisco	catalyst_c9300-48s	-	No
Hardware	cisco	catalyst_c9300-48t	-	No
Hardware	cisco	catalyst_c9300-48u	-	No
Hardware	cisco	catalyst_c9300-48un	-	No
Hardware	cisco	catalyst_c9300-48uxm	-	No
Hardware	cisco	catalyst_c9300l-24p-4g	-	No
Hardware	cisco	catalyst_c9300l-24p-4x	-	No
Hardware	cisco	catalyst_c9300l-24t-4g	-	No
Hardware	cisco	catalyst_c9300l-24t-4x	-	No
Hardware	cisco	catalyst_c9300l-48p-4g	-	No
Hardware	cisco	catalyst_c9300l-48p-4x	-	No
Hardware	cisco	catalyst_c9300l-48t-4g	-	No
Hardware	cisco	catalyst_c9300l-48t-4x	-	No
Hardware	cisco	catalyst_c9500-12q	-	No
Hardware	cisco	catalyst_c9500-16x	-	No
Hardware	cisco	catalyst_c9500-24q	-	No
Hardware	cisco	catalyst_c9500-24y4c	-	No
Hardware	cisco	catalyst_c9500-32c	-	No
Hardware	cisco	catalyst_c9500-32qc	-	No
Hardware	cisco	catalyst_c9500-40x	-	No
Hardware	cisco	catalyst_c9500-48y4c	-	No
Hardware	cisco	ws-c3650-12x48uq	-	No
Hardware	cisco	ws-c3650-12x48ur	-	No
Hardware	cisco	ws-c3650-12x48uz	-	No
Hardware	cisco	ws-c3650-24pd	-	No
Hardware	cisco	ws-c3650-24pdm	-	No
Hardware	cisco	ws-c3650-24ps	-	No
Hardware	cisco	ws-c3650-24td	-	No
Hardware	cisco	ws-c3650-24ts	-	No
Hardware	cisco	ws-c3650-48fd	-	No
Hardware	cisco	ws-c3650-48fq	-	No
Hardware	cisco	ws-c3650-48fqm	-	No
Hardware	cisco	ws-c3650-48fs	-	No
Hardware	cisco	ws-c3650-48pd	-	No
Hardware	cisco	ws-c3650-48pq	-	No
Hardware	cisco	ws-c3650-48ps	-	No
Hardware	cisco	ws-c3650-48td	-	No
Hardware	cisco	ws-c3650-48tq	-	No
Hardware	cisco	ws-c3650-48ts	-	No
Hardware	cisco	ws-c3650-8x24uq	-	No
Hardware	cisco	ws-c3850	-	No
Hardware	cisco	ws-c3850-12s	-	No
Hardware	cisco	ws-c3850-12x48u	-	No
Hardware	cisco	ws-c3850-12xs	-	No
Hardware	cisco	ws-c3850-24p	-	No
Hardware	cisco	ws-c3850-24s	-	No
Hardware	cisco	ws-c3850-24t	-	No
Hardware	cisco	ws-c3850-24u	-	No
Hardware	cisco	ws-c3850-24xs	-	No
Hardware	cisco	ws-c3850-24xu	-	No
Hardware	cisco	ws-c3850-48f	-	No
Hardware	cisco	ws-c3850-48p	-	No
Hardware	cisco	ws-c3850-48t	-	No
Hardware	cisco	ws-c3850-48u	-	No
Hardware	cisco	ws-c3850-48xs	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-webui-multi-vfTkk7yr Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-webui-multi-vfTkk7yr Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)