CVE-2020-3214Improper Input Validation in Cisco IOS XE Software 16.11.1

CWE-264CWE-20Improper Input Validation4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 84.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE Software 16.11.1Cisco IOS XE
Timeline
PublishedJun 3
Latest updateMay 24

Description

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/ios_xe13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-5c25-ppjq-qcq8: A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privilege2022-05-24
CVEList
Cisco IOS XE Software Privilege Escalation Vulnerability2020-06-03

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Privilege Escalation Vulnerability2020-06-03
CVE-2020-3214 — Improper Input Validation in Cisco | cvebase