CVE-2020-3215

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description The issue is related to insufficient validation of a user-supplied open virtual appliance (OVA) during installation, which could allow an authenticated, local attacker to gain root-level privileges on an affected device. This is due to errors in electronic signature verification. An attacker could exploit this by installing a malicious OVA on the device.

Recommendations For all affected versions of Cisco IOS XE Software, update to a version that includes the fix for this issue, as provided by Cisco in their software updates. At the moment, there is no information about specific versions that contain a fix for this vulnerability.