CVE-2020-3404

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: The issue is related to errors in access control for the Telnet/Secure Shell (SSH) command-line interface of Cisco IOS XE Software. This could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.