CVE-2020-3516 — Improper Input Validation in Cisco IOS XE

CWE-20 — Improper Input Validation6 documents6 sources

Severity

4.3MEDIUMNVD

GHSA7.5

EPSS

0.6%

top 29.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Nokogiri Cisco IOS XE Software

Timeline

PublishedSep 24

Latest updateOct 27

Description

A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vulnerability by entering unexpected characters during a valid authentication. A successful exploit could allow the attacker to crash the web server on the device, which must be manually recovered by disabling and re-enabling the…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5cisco/cisco_ios_xe_softwaren/a

▶NVDcisco/ios_xe16.12.0 — 16.12.2+3

▶RubyGemsnokogiri/nokogiri< 1.11.4

🔴Vulnerability Details

GHSA

GHSA-c38h-42jg-3h9q: A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the↗2022-05-24

▶

GHSA

Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12↗2021-05-17

▶

CVEList

Cisco IOS XE Software Web UI Improper Input Validation Vulnerability↗2020-09-24

▶

📋Vendor Advisories

CISA ICS

Rockwell Automation Stratix Devices Containing Cisco IOS↗2022-10-27

▶

Cisco

Cisco IOS XE Software Web UI Improper Input Validation Vulnerability↗2020-09-24

▶