CVE-2020-3425: Improper Input Validation in Cisco IOS XE Software 16.1.1

Severity: 8.8 HIGH (NVD)
EPSS: 1.0% (top 23.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 24; Latest update May 24

Description

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: cisco/ios_xe (107 versions)

🔴 Vulnerability Details (2)

GHSA: GHSA-qvr4-782c-mc2w: Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privile (2022-05-24)
CVEList: Cisco IOS XE Software Privilege Escalation Vulnerabilities (2020-09-24)

📋 Vendor Advisories (1)

Cisco: Cisco IOS XE Software Privilege Escalation Vulnerabilities (2020-09-24)

💬 Community (1)

Bugzilla: CVE-2020-16844 istio: incorrect translation of DENY policy for TCP service (2020-07-29)