Details of VAR-202006-1085

ID

VAR-202006-1085

CVE

CVE-2020-3218

TITLE

Cisco IOS XE Input validation vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-006196

DESCRIPTION

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Linux shell. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by first creating a malicious file on the affected device itself and then uploading a second malicious file to the device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or bypass licensing requirements on the device. Cisco IOS XE The software contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco IOS XE is an operating system developed by Cisco for its network equipment

Trust: 1.8

sources: NVD: CVE-2020-3218 // JVNDB: JVNDB-2020-006196 // VULHUB: VHN-181343 // VULMON: CVE-2020-3218

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1y	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.7a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3h	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1g	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1f	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2a	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-006196 // NVD: CVE-2020-3218

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3218
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3218
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3218
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202006-362
value:	HIGH
Trust: 0.6
VULHUB:	VHN-181343
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-3218
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3218
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-181343
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2020-3218
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-3218
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-181343 // VULMON: CVE-2020-3218 // JVNDB: JVNDB-2020-006196 // CNNVD: CNNVD-202006-362 // NVD: CVE-2020-3218 // NVD: CVE-2020-3218

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181343 // JVNDB: JVNDB-2020-006196 // NVD: CVE-2020-3218

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-362

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-362

PATCH

title:	cisco-sa-iosxe-webui-rce-uk8BXcUD	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-rce-uk8BXcUD	Trust: 0.8
title:	Cisco: Cisco IOS XE Software Web UI Remote Code Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxe-webui-rce-uk8BXcUD	Trust: 0.1
title:	CVE-2020-3218	url:	https://github.com/AlAIAL90/CVE-2020-3218	Trust: 0.1

sources: VULMON: CVE-2020-3218 // JVNDB: JVNDB-2020-006196

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3218	Trust: 3.4
db:	JVN	id:	JVNVU94803886	Trust: 0.8
db:	ICS CERT	id:	ICSA-22-300-03	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-006196	Trust: 0.8
db:	CNNVD	id:	CNNVD-202006-362	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1938	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5426	Trust: 0.6
db:	NSFOCUS	id:	47198	Trust: 0.6
db:	VULHUB	id:	VHN-181343	Trust: 0.1
db:	VULMON	id:	CVE-2020-3218	Trust: 0.1

sources: VULHUB: VHN-181343 // VULMON: CVE-2020-3218 // JVNDB: JVNDB-2020-006196 // CNNVD: CNNVD-202006-362 // NVD: CVE-2020-3218

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-webui-rce-uk8bxcud	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3218	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu94803886/index.html	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-03	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1938/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xe-multiple-vulnerabilities-32421	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47198	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5426	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://github.com/alaial90/cve-2020-3218	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-181343 // VULMON: CVE-2020-3218 // JVNDB: JVNDB-2020-006196 // CNNVD: CNNVD-202006-362 // NVD: CVE-2020-3218

SOURCES

db:	VULHUB	id:	VHN-181343
db:	VULMON	id:	CVE-2020-3218
db:	JVNDB	id:	JVNDB-2020-006196
db:	CNNVD	id:	CNNVD-202006-362
db:	NVD	id:	CVE-2020-3218

LAST UPDATE DATE

2024-08-14T13:24:31.750000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181343	date:	2021-09-17T00:00:00
db:	VULMON	id:	CVE-2020-3218	date:	2021-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-006196	date:	2022-10-31T02:53:00
db:	CNNVD	id:	CNNVD-202006-362	date:	2022-10-28T00:00:00
db:	NVD	id:	CVE-2020-3218	date:	2021-09-17T18:40:33.393

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181343	date:	2020-06-03T00:00:00
db:	VULMON	id:	CVE-2020-3218	date:	2020-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-006196	date:	2020-07-03T00:00:00
db:	CNNVD	id:	CNNVD-202006-362	date:	2020-06-03T00:00:00
db:	NVD	id:	CVE-2020-3218	date:	2020-06-03T18:15:19.807