CVE-2020-3211

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description The issue is related to improper input sanitization in the web UI of Cisco IOS XE Software, allowing an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This could lead to complete system compromise. An attacker with valid administrative access to an affected device could exploit this by supplying a crafted input parameter on a form in the web UI and then submitting that form.

Recommendations For Cisco IOS XE Software, update to a version that includes the fix for this issue, as software updates have been released by Cisco to address this vulnerability. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but it is recommended to check the Cisco Security Advisory for the latest information on affected and fixed versions. As a temporary workaround, consider restricting access to the web UI to minimize the risk of exploitation.