CVE-2020-3213 — Cisco IOS XE Software 3.8.0s vulnerability

CWE-2644 documents4 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 87.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Software 3.8.0s Cisco IOS XE

Timeline

PublishedJun 3

Latest updateMay 24

Description

A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute ar…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_ios_xe_software_3.8.0sn/a

▶NVDcisco/ios_xe192 versions+191

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-637f-69rv-x68j: A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of↗2022-05-24

▶

CVEList

Cisco IOS XE Software Privilege Escalation Vulnerability↗2020-06-03

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software Privilege Escalation Vulnerability↗2020-06-03

▶