CVE-2020-3222

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in the web-based user interface of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service, allowing them to bypass access restrictions on the network by proxying their access request through the management network of the affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.