CVE-2020-3141 | ByteOS Network

Vulnerability Details :

CVE-2020-3141

Assigner-cisco

Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633

Published At-24 Sep, 2020 | 18:02

Updated At-13 Nov, 2024 | 17:53

Cisco IOS XE Software Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:cisco

Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633

Published At:24 Sep, 2020 | 18:02

Updated At:13 Nov, 2024 | 17:53

▼CVE Numbering Authority (CNA)

Cisco IOS XE Software Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected Products

Vendor

Cisco Systems, Inc.

Product

Cisco IOS XE Software 16.1.1

Versions

Affected

n/a

Problem Types

Type	CWE ID	Description
CWE	CWE-20	CWE-20

Type: CWE

CWE ID: CWE-20

Description: CWE-20

Metrics

Version	Base score	Base severity	Vector
3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

References

Hyperlink	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM	vendor-advisory x_refsource_CISCO

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM

Resource:

vendor-advisory

x_refsource_CISCO

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM	vendor-advisory x_refsource_CISCO x_transferred

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM

Resource:

vendor-advisory

x_refsource_CISCO

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:ykramarz@cisco.com

Published At:24 Sep, 2020 | 18:15

Updated At:07 Nov, 2023 | 03:22

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 6.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:P

CPE Matches

Cisco Systems, Inc.

>>ios_xe>>16.9.4

cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.2.1

cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.3

cpe:2.3:o:cisco:ios_xe:17.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>17.4.1

cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1100-4g_integrated_services_router>>-

cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1100-4gltegb_integrated_services_router>>-

cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1100-4gltena_integrated_services_router>>-

cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1100-4p_integrated_services_router>>-

cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1100-6g_integrated_services_router>>-

cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1100-8p_integrated_services_router>>-

cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1100-lte_integrated_services_router>>-

cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1100_integrated_services_router>>-

cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1101-4p_integrated_services_router>>-

cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1101_integrated_services_router>>-

cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1109-2p_integrated_services_router>>-

cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1109-4p_integrated_services_router>>-

cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1109_integrated_services_router>>-

cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1111x-8p_integrated_services_router>>-

cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1111x_integrated_services_router>>-

cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>111x_integrated_services_router>>-

cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1120_integrated_services_router>>-

cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>1160_integrated_services_router>>-

cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>4221_integrated_services_router>>-

cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>4331_integrated_services_router>>-

cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>4431_integrated_services_router>>-

cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>4451_integrated_services_router>>-

cpe:2.3:h:cisco:4451_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>4461_integrated_services_router>>-

cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr_1000-x>>-

cpe:2.3:h:cisco:asr_1000-x:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr_1001-x>>-

cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr_1002-x>>-

cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

cpe:2.3:h:cisco:asr_1013:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr1001-hx>>-

cpe:2.3:h:cisco:asr1001-hx:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr1001-hx-rf>>-

cpe:2.3:h:cisco:asr1001-hx-rf:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr1001-x-rf>>-

cpe:2.3:h:cisco:asr1001-x-rf:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr1001-x-ws>>-

cpe:2.3:h:cisco:asr1001-x-ws:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr1002-hx>>-

cpe:2.3:h:cisco:asr1002-hx:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr1002-hx-rf>>-

cpe:2.3:h:cisco:asr1002-hx-rf:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr1002-hx-ws>>-

cpe:2.3:h:cisco:asr1002-hx-ws:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr1002-x-rf>>-

cpe:2.3:h:cisco:asr1002-x-rf:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>asr1002-x-ws>>-

cpe:2.3:h:cisco:asr1002-x-ws:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>catalyst_9800-40>>-

cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>catalyst_9800-80>>-

cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>catalyst_9800-cl>>-

cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>catalyst_9800-l>>-

cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>catalyst_9800-l-c>>-

cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>catalyst_9800-l-f>>-

cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-20	Secondary	ykramarz@cisco.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-20

Type: Secondary

Source: ykramarz@cisco.com

References

Hyperlink	Source	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM	ykramarz@cisco.com	Vendor Advisory

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM

Source: ykramarz@cisco.com

Resource:

Vendor Advisory