Sign-up

ID

VAR-202006-1083


CVE

CVE-2020-3216


TITLE

Cisco IOS XE SD-WAN Authentication vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-006195

DESCRIPTION

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device. Cisco IOS XE SD-WAN The software contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Both Cisco IOS and IOS XE are products of Cisco (Cisco). CLI is one of those command line interfaces. SD-WAN Software is one of the software-defined WAN software

Trust: 1.71

sources: NVD: CVE-2020-3216 // JVNDB: JVNDB-2020-006195 // VULHUB: VHN-181341

AFFECTED PRODUCTS

vendor:ciscomodel:ios xe sd-wanscope:eqversion:16.9.2

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:eqversion:16.9.4

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:eqversion:16.9.3

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:eqversion:16.10.0

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:eqversion:16.10.1

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:eqversion:16.9.1

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:eqversion:16.9.0

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006195 // NVD: CVE-2020-3216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3216
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3216
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006195
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-313
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181341
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3216
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006195
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181341
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3216
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3216
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006195
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181341 // JVNDB: JVNDB-2020-006195 // CNNVD: CNNVD-202006-313 // NVD: CVE-2020-3216 // NVD: CVE-2020-3216

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-181341 // JVNDB: JVNDB-2020-006195 // NVD: CVE-2020-3216

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202006-313

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006195

PATCH
title:cisco-sa-auth-b-NzwhJHH7url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-auth-b-NzwhJHH7
Trust: 0.8
title:Cisc IOS XE SD-WAN Software Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120220
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006195 // 
            
            
            
            CNNVD: CNNVD-202006-313

EXTERNAL IDS
db:NVDid:CVE-2020-3216
Trust: 2.5
db:JVNDBid:JVNDB-2020-006195
Trust: 0.8
db:CNNVDid:CNNVD-202006-313
Trust: 0.7
db:AUSCERTid:ESB-2020.1939
Trust: 0.6
db:CNVDid:CNVD-2020-32902
Trust: 0.1
db:VULHUBid:VHN-181341
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181341 // 
            
            
            
            JVNDB: JVNDB-2020-006195 // 
            
            
            
            CNNVD: CNNVD-202006-313 // 
            
            
            
            NVD: CVE-2020-3216

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-auth-b-nzwhjhh7
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3216
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3216
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1939/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-ios-xe-privilege-escalation-via-sd-wan-software-32410
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181341 // 
            
            
            
            JVNDB: JVNDB-2020-006195 // 
            
            
            
            CNNVD: CNNVD-202006-313 // 
            
            
            
            NVD: CVE-2020-3216

SOURCES
db:VULHUBid:VHN-181341
db:JVNDBid:JVNDB-2020-006195
db:CNNVDid:CNNVD-202006-313
db:NVDid:CVE-2020-3216

LAST UPDATE DATE
2024-11-23T22:05:36.568000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181341date:2020-06-10T00:00:00
db:JVNDBid:JVNDB-2020-006195date:2020-07-03T00:00:00
db:CNNVDid:CNNVD-202006-313date:2020-06-11T00:00:00
db:NVDid:CVE-2020-3216date:2024-11-21T05:30:34.830

SOURCES RELEASE DATE
db:VULHUBid:VHN-181341date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2020-006195date:2020-07-03T00:00:00
db:CNNVDid:CNNVD-202006-313date:2020-06-03T00:00:00
db:NVDid:CVE-2020-3216date:2020-06-03T18:15:19.650