← Back

CVE-2020-3229

nvd nist
Published: Jun 3, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user.

Affected (83)

Products: Cisco: Ios Xe
Cisco
1 product
Ios Xe
Configuration A
83 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ios Xe
Version 16.10.1
Ios Xe
Version 16.10.1a
Ios Xe
Version 16.10.1b
Ios Xe
Version 16.10.1c
Ios Xe
Version 16.10.1d
Ios Xe
Version 16.10.1e
Ios Xe
Version 16.10.1f
Ios Xe
Version 16.10.1g
Ios Xe
Version 16.10.1s
Ios Xe
Version 16.10.2
Ios Xe
Version 16.10.3
Ios Xe
Version 16.11.1
Ios Xe
Version 16.11.1a
Ios Xe
Version 16.11.1b
Ios Xe
Version 16.11.1c
Ios Xe
Version 16.11.1s
Ios Xe
Version 16.12.1y
Ios Xe
Version 16.2.2
Ios Xe
Version 16.3.10
Ios Xe
Version 16.3.1
Ios Xe
Version 16.3.1a
Ios Xe
Version 16.3.2
Ios Xe
Version 16.3.3
Ios Xe
Version 16.3.4
Ios Xe
Version 16.3.5
Ios Xe
Version 16.3.5b
Ios Xe
Version 16.3.6
Ios Xe
Version 16.3.7
Ios Xe
Version 16.3.8
Ios Xe
Version 16.3.9
Ios Xe
Version 16.4.1
Ios Xe
Version 16.4.2
Ios Xe
Version 16.4.3
Ios Xe
Version 16.5.1
Ios Xe
Version 16.5.1a
Ios Xe
Version 16.5.1b
Ios Xe
Version 16.5.2
Ios Xe
Version 16.5.3
Ios Xe
Version 16.6.1
Ios Xe
Version 16.6.2
Ios Xe
Version 16.6.3
Ios Xe
Version 16.6.4
Ios Xe
Version 16.6.4a
Ios Xe
Version 16.6.4s
Ios Xe
Version 16.6.5
Ios Xe
Version 16.6.5a
Ios Xe
Version 16.6.5b
Ios Xe
Version 16.6.6
Ios Xe
Version 16.6.7
Ios Xe
Version 16.6.7a
Ios Xe
Version 16.6.8
Ios Xe
Version 16.7.1
Ios Xe
Version 16.7.1a
Ios Xe
Version 16.7.1b
Ios Xe
Version 16.7.2
Ios Xe
Version 16.7.3
Ios Xe
Version 16.7.4
Ios Xe
Version 16.8.1
Ios Xe
Version 16.8.1a
Ios Xe
Version 16.8.1b
Ios Xe
Version 16.8.1c
Ios Xe
Version 16.8.1d
Ios Xe
Version 16.8.1e
Ios Xe
Version 16.8.1s
Ios Xe
Version 16.8.2
Ios Xe
Version 16.8.3
Ios Xe
Version 16.9.1
Ios Xe
Version 16.9.1a
Ios Xe
Version 16.9.1b
Ios Xe
Version 16.9.1c
Ios Xe
Version 16.9.1d
Ios Xe
Version 16.9.1s
Ios Xe
Version 16.9.2
Ios Xe
Version 16.9.2a
Ios Xe
Version 16.9.2s
Ios Xe
Version 16.9.3
Ios Xe
Version 16.9.3a
Ios Xe
Version 16.9.3h
Ios Xe
Version 16.9.3s
Ios Xe
Version 16.9.4
Ios Xe
Version 16.9.4c
Ios Xe
Version 16.9.5
Ios Xe
Version 16.9.5f

Related CWEs

CWE-264
CWE-264
CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

Source: psirt@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.