CVE-2020-3425

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: The issue is related to multiple vulnerabilities in the web management framework of Cisco IOS XE Software. These vulnerabilities could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. The vulnerability is also associated with insufficient input validation in the web interface of the Cisco IOS XE operating system, which can be exploited by a remote attacker to gain elevated privileges.

Recommendations: For Cisco IOS XE Software, update to a version that includes the software updates released by Cisco to address these vulnerabilities. As a temporary workaround, consider restricting access to the web management framework to minimize the risk of exploitation. Avoid using the web interface with read-only privileges until the issue is resolved.