PT-2020-20116 · Cisco · Cnos

Published: 2020-10-14 · Updated: 2020-10-29 · CVE-2020-8349

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cloud Networking Operating System (CNOS) (affected versions not specified)

Description

An unauthenticated remote code execution issue has been identified in the optional REST API management interface of Cloud Networking Operating System (CNOS). This interface is disabled by default and is only vulnerable when enabled, specifically when attached to a VRF and as allowed by defined ACLs.

Recommendations

For all affected versions, upgrade to a non-vulnerable CNOS release. As a temporary workaround, consider disabling the REST API management interface until a patch is available. Restrict access to the management VRF and further limit access to authorized management stations via ACL.

Fix

Code Injection

RCE


Weakness Enumeration

Related Identifiers

CVE-2020-8349

Affected Products

Cnos