ID

VAR-202006-1096


CVE

CVE-2020-3229


TITLE

Cisco IOS XE  Fraud related to unauthorized authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006130

DESCRIPTION

A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user. Cisco IOS XE Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco IOS XE is an operating system developed by Cisco for its network equipment

Trust: 1.71

sources: NVD: CVE-2020-3229 // JVNDB: JVNDB-2020-006130 // VULHUB: VHN-181354

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.3.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.4.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1y

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.7a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.5.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.6

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.5.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.5b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.2.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.5b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.6

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.5.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.5.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.4.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.4.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1f

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.5a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.10

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.5.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.4c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.7

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.9

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.7

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.8

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3h

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1g

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.8

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.5f

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.1a

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006130 // NVD: CVE-2020-3229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3229
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3229
value: HIGH

Trust: 1.0

NVD: CVE-2020-3229
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-317
value: HIGH

Trust: 0.6

VULHUB: VHN-181354
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3229
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181354
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2020-3229
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3229
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-181354 // JVNDB: JVNDB-2020-006130 // CNNVD: CNNVD-202006-317 // NVD: CVE-2020-3229 // NVD: CVE-2020-3229

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:CWE-264

Trust: 1.0

problemtype:Illegal authentication (CWE-863) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-181354 // JVNDB: JVNDB-2020-006130 // NVD: CVE-2020-3229

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-317

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202006-317

PATCH

title:cisco-sa-webui-PZgQxjfGurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG

Trust: 0.8

title:Cisco IOS XE Fixes for permissions and access control issues vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=120224

Trust: 0.6

sources: JVNDB: JVNDB-2020-006130 // CNNVD: CNNVD-202006-317

EXTERNAL IDS

db:NVDid:CVE-2020-3229

Trust: 3.3

db:JVNid:JVNVU94803886

Trust: 0.8

db:ICS CERTid:ICSA-22-300-03

Trust: 0.8

db:JVNDBid:JVNDB-2020-006130

Trust: 0.8

db:CNNVDid:CNNVD-202006-317

Trust: 0.7

db:AUSCERTid:ESB-2020.1938

Trust: 0.6

db:AUSCERTid:ESB-2022.5426

Trust: 0.6

db:NSFOCUSid:47190

Trust: 0.6

db:VULHUBid:VHN-181354

Trust: 0.1

sources: VULHUB: VHN-181354 // JVNDB: JVNDB-2020-006130 // CNNVD: CNNVD-202006-317 // NVD: CVE-2020-3229

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webui-pzgqxjfg

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3229

Trust: 1.4

url:https://jvn.jp/vu/jvnvu94803886/index.html

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-03

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1938/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47190

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-multiple-vulnerabilities-32421

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5426

Trust: 0.6

sources: VULHUB: VHN-181354 // JVNDB: JVNDB-2020-006130 // CNNVD: CNNVD-202006-317 // NVD: CVE-2020-3229

SOURCES

db:VULHUBid:VHN-181354
db:JVNDBid:JVNDB-2020-006130
db:CNNVDid:CNNVD-202006-317
db:NVDid:CVE-2020-3229

LAST UPDATE DATE

2024-08-14T13:24:28.162000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181354date:2020-06-09T00:00:00
db:JVNDBid:JVNDB-2020-006130date:2022-10-31T02:44:00
db:CNNVDid:CNNVD-202006-317date:2022-10-28T00:00:00
db:NVDid:CVE-2020-3229date:2020-06-09T18:59:19.590

SOURCES RELEASE DATE

db:VULHUBid:VHN-181354date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2020-006130date:2020-07-01T00:00:00
db:CNNVDid:CNNVD-202006-317date:2020-06-03T00:00:00
db:NVDid:CVE-2020-3229date:2020-06-03T18:15:20.900