CVE-2020-3224

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description The issue is related to insufficient input validation of specific HTTP requests in the web-based user interface of Cisco IOS XE Software. This could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. An attacker could exploit this by sending crafted HTTP requests to a specific web UI endpoint on an affected device. A successful exploit could allow the attacker to alter the configuration of the device or cause a denial of service (DoS) condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.