Lucene search

[email protected]NVD:CVE-2020-3216

HistoryJun 03, 2020 - 6:15 p.m.

CVE-2020-3216

2020-06-0318:15:19

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.

Affected configurations

Nvd

Node

ciscoios_xe_sd-wanMatch16.9.0

ciscoios_xe_sd-wanMatch16.9.1

ciscoios_xe_sd-wanMatch16.9.2

ciscoios_xe_sd-wanMatch16.9.3

ciscoios_xe_sd-wanMatch16.9.4

ciscoios_xe_sd-wanMatch16.10.0

ciscoios_xe_sd-wanMatch16.10.1

VendorProductVersionCPE
ciscoios_xe_sd-wan16.9.0cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.0:*:*:*:*:*:*:*
ciscoios_xe_sd-wan16.9.1cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.1:*:*:*:*:*:*:*
ciscoios_xe_sd-wan16.9.2cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.2:*:*:*:*:*:*:*
ciscoios_xe_sd-wan16.9.3cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.3:*:*:*:*:*:*:*
ciscoios_xe_sd-wan16.9.4cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.4:*:*:*:*:*:*:*
ciscoios_xe_sd-wan16.10.0cpe:2.3:o:cisco:ios_xe_sd-wan:16.10.0:*:*:*:*:*:*:*
ciscoios_xe_sd-wan16.10.1cpe:2.3:o:cisco:ios_xe_sd-wan:16.10.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe_sd-wan	16.9.0	cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.0:::::::*
cisco	ios_xe_sd-wan	16.9.1	cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.1:::::::*
cisco	ios_xe_sd-wan	16.9.2	cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.2:::::::*
cisco	ios_xe_sd-wan	16.9.3	cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.3:::::::*
cisco	ios_xe_sd-wan	16.9.4	cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.4:::::::*
cisco	ios_xe_sd-wan	16.10.0	cpe:2.3:o:cisco:ios_xe_sd-wan:16.10.0:::::::*
cisco	ios_xe_sd-wan	16.10.1	cpe:2.3:o:cisco:ios_xe_sd-wan:16.10.1:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-auth-b-NzwhJHH7

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

Related for NVD:CVE-2020-3216

cisco1 cve1 prion1 cvelist1 nessus1