CVE-2020-3423

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description The issue is related to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts in the Lua interpreter integrated in Cisco IOS XE Software. This could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. An attacker with valid administrative credentials could exploit this by submitting a malicious Lua script, potentially leading to a buffer overflow condition. A successful exploit could allow the attacker to execute arbitrary code with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.