ID

VAR-202006-1079


CVE

CVE-2020-3212


TITLE

OS command injection vulnerability in Cisco IOS XE Software

Trust: 0.8

sources: JVNDB: JVNDB-2020-006197

DESCRIPTION

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by uploading a crafted file to the web UI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands with root privileges on the device. The device may also be put into a denial-of-service (DoS) state. Cisco IOS XE is an operating system developed by Cisco for its network equipment.

Trust: 1.71

sources: NVD: CVE-2020-3212 // JVNDB: JVNDB-2020-006197 // VULHUB: VHN-181337

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1y

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006197 // NVD: CVE-2020-3212

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3212
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3212
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006197
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-357
value: HIGH

Trust: 0.6

VULHUB: VHN-181337
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3212
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006197
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181337
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3212
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3212
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006197
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181337 // JVNDB: JVNDB-2020-006197 // CNNVD: CNNVD-202006-357 // NVD: CVE-2020-3212 // NVD: CVE-2020-3212

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

problemtype:CWE-77

Trust: 1.0

sources: VULHUB: VHN-181337 // JVNDB: JVNDB-2020-006197 // NVD: CVE-2020-3212

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-357

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202006-357

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006197

PATCH

title: cisco-sa-web-cmdinj3-44st5CcA, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj3-44st5CcA

Trust: 0.8

title: Cisco IOS XE Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121143

Trust: 0.6

sources: JVNDB: JVNDB-2020-006197 // CNNVD: CNNVD-202006-357

EXTERNAL IDS

db: NVD, id: CVE-2020-3212

Trust: 2.5

db: JVNDB, id: JVNDB-2020-006197

Trust: 0.8

db: CNNVD, id: CNNVD-202006-357

Trust: 0.7

db: AUSCERT, id: ESB-2020.1938

Trust: 0.6

db: NSFOCUS, id: 47189

Trust: 0.6

db: VULHUB, id: VHN-181337

Trust: 0.1

sources: VULHUB: VHN-181337 // JVNDB: JVNDB-2020-006197 // CNNVD: CNNVD-202006-357 // NVD: CVE-2020-3212

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-web-cmdinj3-44st5cca

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3212

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3212

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1938/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-multiple-vulnerabilities-32421

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47189

Trust: 0.6

sources: VULHUB: VHN-181337 // JVNDB: JVNDB-2020-006197 // CNNVD: CNNVD-202006-357 // NVD: CVE-2020-3212

SOURCES

db: VULHUB, id: VHN-181337
db: JVNDB, id: JVNDB-2020-006197
db: CNNVD, id: CNNVD-202006-357
db: NVD, id: CVE-2020-3212

LAST UPDATE DATE

2024-11-23T21:34:49.627000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181337, date: 2020-06-10T00:00:00
db: JVNDB, id: JVNDB-2020-006197, date: 2020-07-03T00:00:00
db: CNNVD, id: CNNVD-202006-357, date: 2020-07-21T00:00:00
db: NVD, id: CVE-2020-3212, date: 2024-11-21T05:30:34.293

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181337, date: 2020-06-03T00:00:00
db: JVNDB, id: JVNDB-2020-006197, date: 2020-07-03T00:00:00
db: CNNVD, id: CNNVD-202006-357, date: 2020-06-03T00:00:00
db: NVD, id: CVE-2020-3212, date: 2020-06-03T18:15:19.277