CVE-2020-3394Improper Authorization in Cisco Nx-os Software

CWE-285Improper AuthorizationCWE-862Missing Authorization4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 70.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Nx-os Software
Timeline
PublishedAug 27
Latest updateMay 24

Description

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by log

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-fphj-3g9v-9h48: A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could a2022-05-24
CVEList
Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability2020-08-27

📋Vendor Advisories

1
Cisco
Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability2020-08-26
CVE-2020-3394 — Improper Authorization in Cisco | cvebase