CVE-2020-3474

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: The issue is related to multiple vulnerabilities in the web management framework of Cisco IOS XE Software. These vulnerabilities could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. The vulnerabilities are associated with errors in processing input data.

Recommendations: For Cisco IOS XE Software, update to a version that includes the software updates released by Cisco to address these vulnerabilities. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but it is recommended to apply the software updates provided by Cisco. As a temporary workaround, consider restricting access to the web management framework until a patch is available.