CVE-2020-3210 — Command Injection in Cisco IOS 12.2 Ez16

CWE-77 — Command Injection CWE-78 — OS Command Injection4 documents4 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 85.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS 12.2 Ez16 Cisco IOS

Timeline

PublishedJun 3

Latest updateMay 24

Description

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-rela…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/ios6 versions+5

▶CVEListV5cisco/cisco_ios_12.2_ez16n/a

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-v5xr-cpv8-m8mv: A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000↗2022-05-24

▶

CVEList

Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability↗2020-06-03

▶

📋Vendor Advisories

Cisco

Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability↗2020-06-03

▶