CVE-2020-3400: Missing Authorization in Cisco IOS XE Software

Severity: 8.8 HIGH (NVD)
EPSS: 0.2% (top 58.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 24
Latest update: May 24

Description

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized. The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacker to utilize parts of the web UI for which they are not authorized. This could allow a Read-Only user to p

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: cisco/ios_xe, 15 versions, +14

🔴 Vulnerability Details (2)

GHSA (2022-05-24): GHSA-wpmp-jhx9-xgq5: A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which
CVEList (2020-09-24): Cisco IOS XE Software Web UI Authorization Bypass Vulnerability

📋 Vendor Advisories (1)

Cisco (2020-09-24): Cisco IOS XE Software Web UI Authorization Bypass Vulnerability