CVE-2020-3234 — Hard-coded Credentials in Cisco IOS 12.2 Ez16

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.0%

top 85.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS 12.2 Ez16 Cisco IOS

Timeline

PublishedJun 3

Latest updateMay 24

Description

A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability b…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

▶NVDcisco/ios87 versions+86

▶CVEListV5cisco/cisco_ios_12.2_ez16n/a

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-8cj5-64j8-7h9h: A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial I↗2022-05-24

▶

CVEList

Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability↗2020-06-03

▶

📋Vendor Advisories

Cisco

Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability↗2020-06-03

▶