PT-2020-2684 · Cisco · Cisco IOS XE Web Management, Cisco IOS XE

Published 2020-06-03 · Updated 2020-06-09 · CVE-2020-3229

CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Web Management Software (affected versions not specified)
Description: A vulnerability in the Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow an authenticated, remote attacker holding a Read-Only account to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC in the administration GUI: the privilege check does not reliably tie the action to the role of the authenticated session. An attacker could exploit it by sending a modified HTTP request to the affected device. A successful exploit could allow a Read-Only user to execute CLI commands or make configuration changes as if they were an Admin user.
Recommendations: At the moment there is no information about a release that contains a fix for this vulnerability. Because exploitation requires network access to the web management interface and a valid Read-Only account (CVSS vector AV:N, Au:S), restricting which hosts can reach that interface and auditing who holds Read-Only accounts limits exposure until a fixed release is identified.
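The description above names the bug class (Incorrect Authorization in a web-management RBAC layer) but not the mechanism. The following is an added example, not Cisco's code and not a reconstruction of the actual IOS XE web UI: the session table, the privilege table, the `configure` command and the client-supplied `role` field are all invented to illustrate one common way such a bug arises (the authorization decision consumes a field the client controls) next to the corrected pattern (the role is derived only from the authenticated session). The `role_field_is_trusted` helper is the differential check a tester would run: the same Read-Only request with and without the extra field, flagging the handler if the outcome changes.

```python
"""Illustrative model of an RBAC bypass via a modified request.
Added example for CVE-2020-3229's bug class; every name here is hypothetical."""

from dataclasses import dataclass, field

ADMIN = "admin"
READ_ONLY = "read-only"

# Constructed session table: session token -> role fixed at login time.
SESSIONS = {
    "tok-admin-1": ADMIN,
    "tok-ro-7": READ_ONLY,
}

# Constructed privilege table: commands each role may execute.
ALLOWED = {
    ADMIN: {"show", "configure"},
    READ_ONLY: {"show"},
}


@dataclass
class Request:
    session: str               # authenticated session token
    command: str               # action the client asks the device to run
    body: dict = field(default_factory=dict)   # arbitrary client-controlled fields


def handle_vulnerable(req: Request) -> tuple[int, str]:
    """Vulnerable pattern: the role used for the check is read from a
    client-controlled body field, falling back to the session's role only
    when the field is absent. Adding 'role': 'admin' to a Read-Only
    request is therefore enough to be authorised as admin."""
    if req.session not in SESSIONS:
        return 403, "no session"
    role = req.body.get("role", SESSIONS[req.session])
    if req.command not in ALLOWED.get(role, set()):
        return 403, "forbidden"
    return 200, f"executed {req.command} as {role}"


def handle_fixed(req: Request) -> tuple[int, str]:
    """Fixed pattern: the role is looked up server-side from the authenticated
    session and nothing else; a 'role' field in the body is ignored."""
    if req.session not in SESSIONS:
        return 403, "no session"
    role = SESSIONS[req.session]
    if req.command not in ALLOWED.get(role, set()):
        return 403, "forbidden"
    return 200, f"executed {req.command} as {role}"


def probe(handler) -> list[int]:
    """Three requests against a handler: legitimate admin, legitimate Read-Only,
    and Read-Only with a tampered body. Returns the status codes in that order."""
    reqs = [
        Request("tok-admin-1", "configure"),
        Request("tok-ro-7", "configure"),
        Request("tok-ro-7", "configure", {"role": ADMIN}),   # the "modified HTTP request"
    ]
    return [handler(r)[0] for r in reqs]


def role_field_is_trusted(handler) -> bool:
    """Differential check: if adding a client-supplied role to an otherwise
    identical Read-Only request changes the outcome, authorisation depends on
    client input and the handler is vulnerable."""
    base = handler(Request("tok-ro-7", "configure"))[0]
    tampered = handler(Request("tok-ro-7", "configure", {"role": ADMIN}))[0]
    return base != tampered


if __name__ == "__main__":
    print("vulnerable:", probe(handle_vulnerable), role_field_is_trusted(handle_vulnerable))
    print("fixed:     ", probe(handle_fixed), role_field_is_trusted(handle_fixed))
```

The check generalises beyond the invented `role` field: any request parameter that the server echoes into a privilege decision (role, privilege level, user id) can be tested the same way, by holding the session constant and varying only that parameter.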

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2020-02751
CVE-2020-3229

Affected Products

Cisco IOS XE Web Management
Cisco IOS XE