CVE-2020-3425

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 24-09-2020 08:15

Last modified: - 18-03-2022 08:41

Total changes: - 5

Description

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

8.8

Base score

2.8

5.9

Exploitability score

Impact score

Verification logic

AND

vendor=cisco AND product=ios_xe AND version=16.1.1

vendor=cisco AND product=ios_xe AND version=16.1.2

vendor=cisco AND product=ios_xe AND version=16.1.3

vendor=cisco AND product=ios_xe AND version=16.2.1

vendor=cisco AND product=ios_xe AND version=16.2.2

vendor=cisco AND product=ios_xe AND version=16.3.1

vendor=cisco AND product=ios_xe AND version=16.3.1a

vendor=cisco AND product=ios_xe AND version=16.3.2

vendor=cisco AND product=ios_xe AND version=16.3.3

vendor=cisco AND product=ios_xe AND version=16.3.4

vendor=cisco AND product=ios_xe AND version=16.3.5

vendor=cisco AND product=ios_xe AND version=16.3.5b

vendor=cisco AND product=ios_xe AND version=16.3.6

vendor=cisco AND product=ios_xe AND version=16.3.7

vendor=cisco AND product=ios_xe AND version=16.3.8

vendor=cisco AND product=ios_xe AND version=16.3.9

vendor=cisco AND product=ios_xe AND version=16.3.10

vendor=cisco AND product=ios_xe AND version=16.4.1

vendor=cisco AND product=ios_xe AND version=16.4.2

vendor=cisco AND product=ios_xe AND version=16.4.3

vendor=cisco AND product=ios_xe AND version=16.5.1

vendor=cisco AND product=ios_xe AND version=16.5.1a

vendor=cisco AND product=ios_xe AND version=16.5.1b

vendor=cisco AND product=ios_xe AND version=16.5.2

vendor=cisco AND product=ios_xe AND version=16.5.3

vendor=cisco AND product=ios_xe AND version=16.6.1

vendor=cisco AND product=ios_xe AND version=16.6.2

vendor=cisco AND product=ios_xe AND version=16.6.3

vendor=cisco AND product=ios_xe AND version=16.6.4

vendor=cisco AND product=ios_xe AND version=16.6.4a

vendor=cisco AND product=ios_xe AND version=16.6.4s

vendor=cisco AND product=ios_xe AND version=16.6.5

vendor=cisco AND product=ios_xe AND version=16.6.5a

vendor=cisco AND product=ios_xe AND version=16.6.5b

vendor=cisco AND product=ios_xe AND version=16.6.6

vendor=cisco AND product=ios_xe AND version=16.6.7

vendor=cisco AND product=ios_xe AND version=16.6.7a

vendor=cisco AND product=ios_xe AND version=16.6.8

vendor=cisco AND product=ios_xe AND version=16.7.1

vendor=cisco AND product=ios_xe AND version=16.7.1a

vendor=cisco AND product=ios_xe AND version=16.7.1b

vendor=cisco AND product=ios_xe AND version=16.7.2

vendor=cisco AND product=ios_xe AND version=16.7.3

vendor=cisco AND product=ios_xe AND version=16.7.4

vendor=cisco AND product=ios_xe AND version=16.8.1

vendor=cisco AND product=ios_xe AND version=16.8.1a

vendor=cisco AND product=ios_xe AND version=16.8.1b

vendor=cisco AND product=ios_xe AND version=16.8.1c

vendor=cisco AND product=ios_xe AND version=16.8.1d

vendor=cisco AND product=ios_xe AND version=16.8.1e

vendor=cisco AND product=ios_xe AND version=16.8.1s

vendor=cisco AND product=ios_xe AND version=16.8.2

vendor=cisco AND product=ios_xe AND version=16.8.3

vendor=cisco AND product=ios_xe AND version=16.9.1

vendor=cisco AND product=ios_xe AND version=16.9.1a

vendor=cisco AND product=ios_xe AND version=16.9.1b

vendor=cisco AND product=ios_xe AND version=16.9.1c

vendor=cisco AND product=ios_xe AND version=16.9.1d

vendor=cisco AND product=ios_xe AND version=16.9.1s

vendor=cisco AND product=ios_xe AND version=16.9.2

vendor=cisco AND product=ios_xe AND version=16.9.2a

vendor=cisco AND product=ios_xe AND version=16.9.2s

vendor=cisco AND product=ios_xe AND version=16.9.3

vendor=cisco AND product=ios_xe AND version=16.9.3a

vendor=cisco AND product=ios_xe AND version=16.9.3h

vendor=cisco AND product=ios_xe AND version=16.9.3s

vendor=cisco AND product=ios_xe AND version=16.9.4

vendor=cisco AND product=ios_xe AND version=16.9.4c

vendor=cisco AND product=ios_xe AND version=16.9.5

vendor=cisco AND product=ios_xe AND version=16.9.5f

vendor=cisco AND product=ios_xe AND version=16.10.1

vendor=cisco AND product=ios_xe AND version=16.10.1a

vendor=cisco AND product=ios_xe AND version=16.10.1b

vendor=cisco AND product=ios_xe AND version=16.10.1c

vendor=cisco AND product=ios_xe AND version=16.10.1d

vendor=cisco AND product=ios_xe AND version=16.10.1e

vendor=cisco AND product=ios_xe AND version=16.10.1f

vendor=cisco AND product=ios_xe AND version=16.10.1g

vendor=cisco AND product=ios_xe AND version=16.10.1s

vendor=cisco AND product=ios_xe AND version=16.10.2

vendor=cisco AND product=ios_xe AND version=16.10.3

vendor=cisco AND product=ios_xe AND version=16.11.1

vendor=cisco AND product=ios_xe AND version=16.11.1a

vendor=cisco AND product=ios_xe AND version=16.11.1b

vendor=cisco AND product=ios_xe AND version=16.11.1c

vendor=cisco AND product=ios_xe AND version=16.11.1s

vendor=cisco AND product=ios_xe AND version=16.11.2

vendor=cisco AND product=ios_xe AND version=16.12.1

vendor=cisco AND product=ios_xe AND version=16.12.1a

vendor=cisco AND product=ios_xe AND version=16.12.1c

vendor=cisco AND product=ios_xe AND version=16.12.1s

vendor=cisco AND product=ios_xe AND version=16.12.1t

vendor=cisco AND product=ios_xe AND version=16.12.1w

vendor=cisco AND product=ios_xe AND version=16.12.1x

vendor=cisco AND product=ios_xe AND version=16.12.1y

vendor=cisco AND product=ios_xe AND version=16.12.2

vendor=cisco AND product=ios_xe AND version=16.12.2a

vendor=cisco AND product=ios_xe AND version=16.12.2s

vendor=cisco AND product=ios_xe AND version=16.12.2t

vendor=cisco AND product=ios_xe AND version=17.1.1

vendor=cisco AND product=ios_xe AND version=17.1.1a

vendor=cisco AND product=ios_xe AND version=17.1.1s

vendor=cisco AND product=ios_xe AND version=17.1.1t

vendor=cisco AND product=ios_xe AND version=17.2.1

vendor=cisco AND product=ios_xe AND version=17.2.1a

vendor=cisco AND product=ios_xe AND version=17.2.1r

vendor=cisco AND product=ios_xe AND version=17.2.1v

vendor=cisco AND product=4221_integrated_services_router AND version=-

vendor=cisco AND product=4321_integrated_services_router AND version=-

vendor=cisco AND product=4331_integrated_services_router AND version=-

vendor=cisco AND product=4351_integrated_services_router AND version=-

vendor=cisco AND product=4431_integrated_services_router AND version=-

vendor=cisco AND product=4451-x_integrated_services_router AND version=-

vendor=cisco AND product=4461_integrated_services_router AND version=-

vendor=cisco AND product=asr_1001-hx AND version=-

vendor=cisco AND product=asr_1001-x AND version=-

vendor=cisco AND product=asr_1002-hx AND version=-

vendor=cisco AND product=asr_1002-x AND version=-

vendor=cisco AND product=asr_1004 AND version=-

vendor=cisco AND product=asr_1006 AND version=-

vendor=cisco AND product=asr_1006-x AND version=-

vendor=cisco AND product=asr_1009-x AND version=-

vendor=cisco AND product=asr_1013 AND version=-

vendor=cisco AND product=catalyst_9800-40 AND version=-

vendor=cisco AND product=catalyst_9800-80 AND version=-

vendor=cisco AND product=catalyst_9800-cl AND version=-

vendor=cisco AND product=catalyst_9800-l AND version=-

vendor=cisco AND product=catalyst_9800-l-c AND version=-

vendor=cisco AND product=catalyst_9800-l-f AND version=-

vendor=cisco AND product=catalyst_c9200-24p AND version=-

vendor=cisco AND product=catalyst_c9200-24t AND version=-

vendor=cisco AND product=catalyst_c9200-48p AND version=-

vendor=cisco AND product=catalyst_c9200-48t AND version=-

vendor=cisco AND product=catalyst_c9200l-24p-4g AND version=-

vendor=cisco AND product=catalyst_c9200l-24p-4x AND version=-

vendor=cisco AND product=catalyst_c9200l-24pxg-2y AND version=-

vendor=cisco AND product=catalyst_c9200l-24pxg-4x AND version=-

vendor=cisco AND product=catalyst_c9200l-24t-4g AND version=-

vendor=cisco AND product=catalyst_c9200l-24t-4x AND version=-

vendor=cisco AND product=catalyst_c9200l-48p-4g AND version=-

vendor=cisco AND product=catalyst_c9200l-48p-4x AND version=-

vendor=cisco AND product=catalyst_c9200l-48pxg-2y AND version=-

vendor=cisco AND product=catalyst_c9200l-48pxg-4x AND version=-

vendor=cisco AND product=catalyst_c9200l-48t-4g AND version=-

vendor=cisco AND product=catalyst_c9200l-48t-4x AND version=-

vendor=cisco AND product=catalyst_c9300-24p AND version=-

vendor=cisco AND product=catalyst_c9300-24s AND version=-

vendor=cisco AND product=catalyst_c9300-24t AND version=-

vendor=cisco AND product=catalyst_c9300-24u AND version=-

vendor=cisco AND product=catalyst_c9300-24ux AND version=-

vendor=cisco AND product=catalyst_c9300-48p AND version=-

vendor=cisco AND product=catalyst_c9300-48s AND version=-

vendor=cisco AND product=catalyst_c9300-48t AND version=-

vendor=cisco AND product=catalyst_c9300-48u AND version=-

vendor=cisco AND product=catalyst_c9300-48un AND version=-

vendor=cisco AND product=catalyst_c9300-48uxm AND version=-

vendor=cisco AND product=catalyst_c9300l-24p-4g AND version=-

vendor=cisco AND product=catalyst_c9300l-24p-4x AND version=-

vendor=cisco AND product=catalyst_c9300l-24t-4g AND version=-

vendor=cisco AND product=catalyst_c9300l-24t-4x AND version=-

vendor=cisco AND product=catalyst_c9300l-48p-4g AND version=-

vendor=cisco AND product=catalyst_c9300l-48p-4x AND version=-

vendor=cisco AND product=catalyst_c9300l-48t-4g AND version=-

vendor=cisco AND product=catalyst_c9300l-48t-4x AND version=-

vendor=cisco AND product=catalyst_c9500-12q AND version=-

vendor=cisco AND product=catalyst_c9500-16x AND version=-

vendor=cisco AND product=catalyst_c9500-24q AND version=-

vendor=cisco AND product=catalyst_c9500-24y4c AND version=-

vendor=cisco AND product=catalyst_c9500-32c AND version=-

vendor=cisco AND product=catalyst_c9500-32qc AND version=-

vendor=cisco AND product=catalyst_c9500-40x AND version=-

vendor=cisco AND product=catalyst_c9500-48y4c AND version=-

vendor=cisco AND product=cloud_services_router_1000v AND version=-

vendor=cisco AND product=integrated_services_virtual_router AND version=-

vendor=cisco AND product=isr_1100 AND version=-

vendor=cisco AND product=isr_1101 AND version=-

vendor=cisco AND product=isr_1109 AND version=-

vendor=cisco AND product=isr_1111x AND version=-

vendor=cisco AND product=isr_111x AND version=-

vendor=cisco AND product=isr_1120 AND version=-

vendor=cisco AND product=isr_1160 AND version=-

vendor=cisco AND product=ws-c3650-12x48uq AND version=-

vendor=cisco AND product=ws-c3650-12x48ur AND version=-

vendor=cisco AND product=ws-c3650-12x48uz AND version=-

vendor=cisco AND product=ws-c3650-24pd AND version=-

vendor=cisco AND product=ws-c3650-24pdm AND version=-

vendor=cisco AND product=ws-c3650-24ps AND version=-

vendor=cisco AND product=ws-c3650-24td AND version=-

vendor=cisco AND product=ws-c3650-24ts AND version=-

vendor=cisco AND product=ws-c3650-48fd AND version=-

vendor=cisco AND product=ws-c3650-48fq AND version=-

vendor=cisco AND product=ws-c3650-48fqm AND version=-

vendor=cisco AND product=ws-c3650-48fs AND version=-

vendor=cisco AND product=ws-c3650-48pd AND version=-

vendor=cisco AND product=ws-c3650-48pq AND version=-

vendor=cisco AND product=ws-c3650-48ps AND version=-

vendor=cisco AND product=ws-c3650-48td AND version=-

vendor=cisco AND product=ws-c3650-48tq AND version=-

vendor=cisco AND product=ws-c3650-48ts AND version=-

vendor=cisco AND product=ws-c3650-8x24uq AND version=-

vendor=cisco AND product=ws-c3850 AND version=-

vendor=cisco AND product=ws-c3850-12s AND version=-

vendor=cisco AND product=ws-c3850-12x48u AND version=-

vendor=cisco AND product=ws-c3850-12xs AND version=-

vendor=cisco AND product=ws-c3850-24p AND version=-

vendor=cisco AND product=ws-c3850-24s AND version=-

vendor=cisco AND product=ws-c3850-24t AND version=-

vendor=cisco AND product=ws-c3850-24u AND version=-

vendor=cisco AND product=ws-c3850-24xs AND version=-

vendor=cisco AND product=ws-c3850-24xu AND version=-

vendor=cisco AND product=ws-c3850-48f AND version=-

vendor=cisco AND product=ws-c3850-48p AND version=-

vendor=cisco AND product=ws-c3850-48t AND version=-

vendor=cisco AND product=ws-c3850-48u AND version=-

vendor=cisco AND product=ws-c3850-48xs AND version=-

vendor=cisco AND product=ws-c3860 AND version=-

Reference

20200924 Cisco IOS XE Software Privilege Escalation Vulnerabilities-Vendor Advisory

Keywords

CVE-2020-3425

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-3425

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures