CVE-2020-3403

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: The issue is related to insufficient protection of values passed to a script that executes during device startup, allowing an authenticated, local attacker with privileged EXEC permissions to inject a command to the underlying operating system. This command will execute with root privileges upon the next reboot of the device. An attacker could exploit this by writing values to a specific file, potentially allowing them to execute commands with root privileges each time the affected device is restarted.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.