CVE-2020-3216

Published: Jun 3, 2020Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.

Affected (7)

Products: Cisco: Ios Xe Sd Wan

Cisco

1 product

Ios Xe Sd Wan

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios Xe Sd Wan	Version 16.10.0
Cisco Ios Xe Sd Wan	Version 16.10.1
Cisco Ios Xe Sd Wan	Version 16.9.0
Cisco Ios Xe Sd Wan	Version 16.9.1
Cisco Ios Xe Sd Wan	Version 16.9.2
Cisco Ios Xe Sd Wan	Version 16.9.3
Cisco Ios Xe Sd Wan	Version 16.9.4

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-auth-b-NzwhJHH7

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-auth-b-NzwhJHH7

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.