CVE-2020-3215

Published: Jun 3, 2020Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device.

Affected (224)

Products: Cisco: Ios Xe

Cisco

1 product

Ios Xe

Configuration A

224 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 16.1.1
Cisco Ios Xe	Version 16.1.2
Cisco Ios Xe	Version 16.1.3
Cisco Ios Xe	Version 16.10.1
Cisco Ios Xe	Version 16.10.1a
Cisco Ios Xe	Version 16.10.1b
Cisco Ios Xe	Version 16.10.1c
Cisco Ios Xe	Version 16.10.1d
Cisco Ios Xe	Version 16.10.1e
Cisco Ios Xe	Version 16.10.1f
Cisco Ios Xe	Version 16.10.1g
Cisco Ios Xe	Version 16.10.1s
Cisco Ios Xe	Version 16.10.2
Cisco Ios Xe	Version 16.11.1
Cisco Ios Xe	Version 16.11.1a
Cisco Ios Xe	Version 16.11.1b
Cisco Ios Xe	Version 16.11.1c
Cisco Ios Xe	Version 16.11.1s
Cisco Ios Xe	Version 16.12.1y
Cisco Ios Xe	Version 16.2.1
Cisco Ios Xe	Version 16.2.2
Cisco Ios Xe	Version 16.3.1
Cisco Ios Xe	Version 16.3.1a
Cisco Ios Xe	Version 16.3.2
Cisco Ios Xe	Version 16.3.3
Cisco Ios Xe	Version 16.3.4
Cisco Ios Xe	Version 16.3.5
Cisco Ios Xe	Version 16.3.5b
Cisco Ios Xe	Version 16.3.6
Cisco Ios Xe	Version 16.3.7
Cisco Ios Xe	Version 16.3.8
Cisco Ios Xe	Version 16.3.9
Cisco Ios Xe	Version 16.4.1
Cisco Ios Xe	Version 16.4.2
Cisco Ios Xe	Version 16.4.3
Cisco Ios Xe	Version 16.5.1
Cisco Ios Xe	Version 16.5.1a
Cisco Ios Xe	Version 16.5.1b
Cisco Ios Xe	Version 16.5.2
Cisco Ios Xe	Version 16.5.3
Cisco Ios Xe	Version 16.6.1
Cisco Ios Xe	Version 16.6.2
Cisco Ios Xe	Version 16.6.3
Cisco Ios Xe	Version 16.6.4
Cisco Ios Xe	Version 16.6.4a
Cisco Ios Xe	Version 16.6.4s
Cisco Ios Xe	Version 16.6.5
Cisco Ios Xe	Version 16.6.5a
Cisco Ios Xe	Version 16.6.5b
Cisco Ios Xe	Version 16.6.6
Cisco Ios Xe	Version 16.7.1
Cisco Ios Xe	Version 16.7.1a
Cisco Ios Xe	Version 16.7.1b
Cisco Ios Xe	Version 16.7.2
Cisco Ios Xe	Version 16.7.3
Cisco Ios Xe	Version 16.7.4
Cisco Ios Xe	Version 16.8.1
Cisco Ios Xe	Version 16.8.1a
Cisco Ios Xe	Version 16.8.1b
Cisco Ios Xe	Version 16.8.1c
Cisco Ios Xe	Version 16.8.1d
Cisco Ios Xe	Version 16.8.1e
Cisco Ios Xe	Version 16.8.1s
Cisco Ios Xe	Version 16.8.2
Cisco Ios Xe	Version 16.8.3
Cisco Ios Xe	Version 16.9.1
Cisco Ios Xe	Version 16.9.1a
Cisco Ios Xe	Version 16.9.1b
Cisco Ios Xe	Version 16.9.1c
Cisco Ios Xe	Version 16.9.1d
Cisco Ios Xe	Version 16.9.1s
Cisco Ios Xe	Version 16.9.2
Cisco Ios Xe	Version 16.9.2a
Cisco Ios Xe	Version 16.9.2s
Cisco Ios Xe	Version 16.9.3
Cisco Ios Xe	Version 16.9.3a
Cisco Ios Xe	Version 16.9.3h
Cisco Ios Xe	Version 16.9.3s
Cisco Ios Xe	Version 3.10.0ce
Cisco Ios Xe	Version 3.10.0e
Cisco Ios Xe	Version 3.10.0s
Cisco Ios Xe	Version 3.10.10s
Cisco Ios Xe	Version 3.10.1ae
Cisco Ios Xe	Version 3.10.1e
Cisco Ios Xe	Version 3.10.1s
Cisco Ios Xe	Version 3.10.1se
Cisco Ios Xe	Version 3.10.2as
Cisco Ios Xe	Version 3.10.2e
Cisco Ios Xe	Version 3.10.2s
Cisco Ios Xe	Version 3.10.2ts
Cisco Ios Xe	Version 3.10.3e
Cisco Ios Xe	Version 3.10.3s
Cisco Ios Xe	Version 3.10.4s
Cisco Ios Xe	Version 3.10.5s
Cisco Ios Xe	Version 3.10.6s
Cisco Ios Xe	Version 3.10.7s
Cisco Ios Xe	Version 3.10.8as
Cisco Ios Xe	Version 3.10.8s
Cisco Ios Xe	Version 3.10.9s
Cisco Ios Xe	Version 3.11.0e
Cisco Ios Xe	Version 3.11.0s
Cisco Ios Xe	Version 3.11.1s
Cisco Ios Xe	Version 3.11.2s
Cisco Ios Xe	Version 3.11.3e
Cisco Ios Xe	Version 3.11.3s
Cisco Ios Xe	Version 3.11.4s
Cisco Ios Xe	Version 3.12.0as
Cisco Ios Xe	Version 3.12.0s
Cisco Ios Xe	Version 3.12.1s
Cisco Ios Xe	Version 3.12.2s
Cisco Ios Xe	Version 3.12.3s
Cisco Ios Xe	Version 3.12.4s
Cisco Ios Xe	Version 3.13.0as
Cisco Ios Xe	Version 3.13.0s
Cisco Ios Xe	Version 3.13.10s
Cisco Ios Xe	Version 3.13.1s
Cisco Ios Xe	Version 3.13.2as
Cisco Ios Xe	Version 3.13.2s
Cisco Ios Xe	Version 3.13.3s
Cisco Ios Xe	Version 3.13.4s
Cisco Ios Xe	Version 3.13.5as
Cisco Ios Xe	Version 3.13.5s
Cisco Ios Xe	Version 3.13.6as
Cisco Ios Xe	Version 3.13.6bs
Cisco Ios Xe	Version 3.13.6s
Cisco Ios Xe	Version 3.13.7as
Cisco Ios Xe	Version 3.13.7s
Cisco Ios Xe	Version 3.13.8s
Cisco Ios Xe	Version 3.13.9s
Cisco Ios Xe	Version 3.14.0s
Cisco Ios Xe	Version 3.14.1s
Cisco Ios Xe	Version 3.14.2s
Cisco Ios Xe	Version 3.14.3s
Cisco Ios Xe	Version 3.14.4s
Cisco Ios Xe	Version 3.15.0s
Cisco Ios Xe	Version 3.15.1cs
Cisco Ios Xe	Version 3.15.1s
Cisco Ios Xe	Version 3.15.2s
Cisco Ios Xe	Version 3.15.3s
Cisco Ios Xe	Version 3.15.4s
Cisco Ios Xe	Version 3.16.0as
Cisco Ios Xe	Version 3.16.0bs
Cisco Ios Xe	Version 3.16.0cs
Cisco Ios Xe	Version 3.16.0s
Cisco Ios Xe	Version 3.16.1as
Cisco Ios Xe	Version 3.16.1s
Cisco Ios Xe	Version 3.16.2as
Cisco Ios Xe	Version 3.16.2bs
Cisco Ios Xe	Version 3.16.2s
Cisco Ios Xe	Version 3.16.3as
Cisco Ios Xe	Version 3.16.3s
Cisco Ios Xe	Version 3.16.4as
Cisco Ios Xe	Version 3.16.4bs
Cisco Ios Xe	Version 3.16.4cs
Cisco Ios Xe	Version 3.16.4ds
Cisco Ios Xe	Version 3.16.4es
Cisco Ios Xe	Version 3.16.4gs
Cisco Ios Xe	Version 3.16.4s
Cisco Ios Xe	Version 3.16.5as
Cisco Ios Xe	Version 3.16.5bs
Cisco Ios Xe	Version 3.16.5s
Cisco Ios Xe	Version 3.16.6bs
Cisco Ios Xe	Version 3.16.6s
Cisco Ios Xe	Version 3.16.7as
Cisco Ios Xe	Version 3.16.7bs
Cisco Ios Xe	Version 3.16.7s
Cisco Ios Xe	Version 3.16.8s
Cisco Ios Xe	Version 3.16.9s
Cisco Ios Xe	Version 3.17.0s
Cisco Ios Xe	Version 3.17.1as
Cisco Ios Xe	Version 3.17.1s
Cisco Ios Xe	Version 3.17.2s
Cisco Ios Xe	Version 3.17.3s
Cisco Ios Xe	Version 3.17.4s
Cisco Ios Xe	Version 3.18.0as
Cisco Ios Xe	Version 3.18.0s
Cisco Ios Xe	Version 3.18.0sp
Cisco Ios Xe	Version 3.18.1asp
Cisco Ios Xe	Version 3.18.1bsp
Cisco Ios Xe	Version 3.18.1csp
Cisco Ios Xe	Version 3.18.1gsp
Cisco Ios Xe	Version 3.18.1hsp
Cisco Ios Xe	Version 3.18.1isp
Cisco Ios Xe	Version 3.18.1s
Cisco Ios Xe	Version 3.18.1sp
Cisco Ios Xe	Version 3.18.2asp
Cisco Ios Xe	Version 3.18.2s
Cisco Ios Xe	Version 3.18.2sp
Cisco Ios Xe	Version 3.18.3asp
Cisco Ios Xe	Version 3.18.3bsp
Cisco Ios Xe	Version 3.18.3s
Cisco Ios Xe	Version 3.18.3sp
Cisco Ios Xe	Version 3.18.4s
Cisco Ios Xe	Version 3.18.4sp
Cisco Ios Xe	Version 3.18.5sp
Cisco Ios Xe	Version 3.18.6sp
Cisco Ios Xe	Version 3.7.0e
Cisco Ios Xe	Version 3.7.1e
Cisco Ios Xe	Version 3.7.2e
Cisco Ios Xe	Version 3.7.3e
Cisco Ios Xe	Version 3.7.4e
Cisco Ios Xe	Version 3.7.5e
Cisco Ios Xe	Version 3.8.0e
Cisco Ios Xe	Version 3.8.0s
Cisco Ios Xe	Version 3.8.1e
Cisco Ios Xe	Version 3.8.1s
Cisco Ios Xe	Version 3.8.2e
Cisco Ios Xe	Version 3.8.2s
Cisco Ios Xe	Version 3.8.3e
Cisco Ios Xe	Version 3.8.4e
Cisco Ios Xe	Version 3.8.5ae
Cisco Ios Xe	Version 3.8.5e
Cisco Ios Xe	Version 3.8.6e
Cisco Ios Xe	Version 3.8.7e
Cisco Ios Xe	Version 3.8.8e
Cisco Ios Xe	Version 3.9.0as
Cisco Ios Xe	Version 3.9.0e
Cisco Ios Xe	Version 3.9.0s
Cisco Ios Xe	Version 3.9.1as
Cisco Ios Xe	Version 3.9.1e
Cisco Ios Xe	Version 3.9.1s
Cisco Ios Xe	Version 3.9.2be
Cisco Ios Xe	Version 3.9.2e
Cisco Ios Xe	Version 3.9.2s

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-264

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc1-OKMKFRhV

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc1-OKMKFRhV

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.