CVE-2020-3474 — Improper Input Validation in Cisco IOS XE Software 16.1.1

CWE-20 — Improper Input Validation CWE-863 — Incorrect Authorization CWE-269 — Improper Privilege Management4 documents4 sources

Severity

8.1HIGHNVD

CNA4.3

EPSS

0.2%

top 61.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Software 16.1.1

Timeline

PublishedSep 24

Latest updateMay 24

Description

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

▶CVEListV5cisco/cisco_ios_xe_software_16.1.1n/a

🔴Vulnerability Details

GHSA

GHSA-g442-wmq5-w676: Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privile↗2022-05-24

▶

CVEList

Cisco IOS XE Software Web Management Framework Vulnerabilities↗2020-09-24

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software Web Management Framework Vulnerabilities↗2020-09-24

▶