PT-2020-2873 · Cisco · Cisco Ios Xe

Published

2020-06-03

Updated

2021-10-19

CVE-2020-3213

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up, potentially elevating from a Priv15 user to the root user and executing arbitrary commands with the privileges of the root user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2020-03030

CVE-2020-3213

Affected Products

Cisco Ios Xe

PT-2020-2873 · Cisco · Cisco Ios Xe

CVE-2020-3213

Weakness Enumeration

Related Identifiers

Affected Products

References · 5