PT-2020-2685 · Cisco · Cisco Ios Xe

Published

2020-06-03

Updated

2021-09-17

CVE-2020-3219

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-20

Related Identifiers

BDU:2020-02752

BDU:2020-02762

CVE-2020-3219

Affected Products

Cisco Ios Xe

PT-2020-2685 · Cisco · Cisco Ios Xe

CVE-2020-3219

Weakness Enumeration

Related Identifiers

Affected Products

References · 7