Cisco Ios Xe Software 3.8.0S vulnerabilities

CVE-2020-3215 [MEDIUM] CWE-264 CVE-2020-3215: A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authentica A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on a

CVE-2020-3213 [MEDIUM] CWE-264 CVE-2020-3213: A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by send