CVE-2020-3227
published 2020-06-03


Priority P268 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.41% (87.4th percentile)

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device.

Affected

72 ranges · showing 25

Vendor | Product | Version range | Fixed in
cisco | cisco_ios_xe_software_16.3.1 | |
cisco | ios_xe (24 entries) | |

Detection & IOCs (extracted from sources)

  • Detect crafted API calls targeting the Cisco IOx authorization token endpoint — an unauthenticated request for an authorization token via the IOx API is the exploit primitive
  • Monitor for unauthenticated IOx API command execution on IOS XE devices, particularly any IOx API calls that are not preceded by a legitimate authenticated session
  • Track Cisco bug IDs CSCvq18527 and CSCvq83400 for patch status on affected IOS XE devices running the IOx application hosting infrastructure
  • The vulnerability is rooted in incorrect handling of authorization token requests within the IOx application hosting infrastructure; check whether IOx is enabled on the device, as unexposed devices are not affected
  • No workarounds exist; the only remediation is applying Cisco's software updates for IOS XE

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco | | 9.8 | CRITICAL |