Sign-up

ID

VAR-202006-1814


CVE

CVE-2020-3208


TITLE

Cisco IOS Software permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-006204

DESCRIPTION

A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15. Cisco IOS The software contains a vulnerability in privilege management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-3208 // JVNDB: JVNDB-2020-006204

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m6a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m6b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m1b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m11

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.0\(2\)sg11a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m9

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m6a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m8

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m8

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m2a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m10

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m3a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m4b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)jpj

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m2a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m4a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)jaa1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m9

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(60\)ez16

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m4a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006204 // NVD: CVE-2020-3208

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-3208
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006204
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-314
value: MEDIUM

Trust: 0.6

NVD: CVE-2020-3208
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006204
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-3208
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006204
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-006204 // CNNVD: CNNVD-202006-314 // NVD: CVE-2020-3208

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2020-006204 // NVD: CVE-2020-3208

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-314

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-314

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-3208

PATCH
title:cisco-sa-ios-ir800-img-verif-wHhLYHjKurl:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-ir800-img-verif-whhlyhjk
Trust: 0.8
title:Cisco 809  and 829 Industrial Integrated Services Routers Cisco IOS Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120221
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006204 // 
            
            
            
            CNNVD: CNNVD-202006-314

EXTERNAL IDS
db:NVDid:CVE-2020-3208
Trust: 2.4
db:JVNDBid:JVNDB-2020-006204
Trust: 0.8
db:AUSCERTid:ESB-2020.1944
Trust: 0.6
db:CNNVDid:CNNVD-202006-314
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006204 // 
            
            
            
            CNNVD: CNNVD-202006-314 // 
            
            
            
            NVD: CVE-2020-3208

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-ir800-img-verif-whhlyhjk
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-3208
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3208
Trust: 0.8
url:https://vigilance.fr/vulnerability/cisco-ios-privilege-escalation-via-cisco-industrial-routers-image-verification-bypass-32419
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1944/
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006204 // 
            
            
            
            CNNVD: CNNVD-202006-314 // 
            
            
            
            NVD: CVE-2020-3208

SOURCES
db:JVNDBid:JVNDB-2020-006204
db:CNNVDid:CNNVD-202006-314
db:NVDid:CVE-2020-3208

LAST UPDATE DATE
2022-05-04T08:52:42.426000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-006204date:2020-07-03T00:00:00
db:CNNVDid:CNNVD-202006-314date:2021-10-27T00:00:00
db:NVDid:CVE-2020-3208date:2021-10-26T16:29:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-006204date:2020-07-03T00:00:00
db:CNNVDid:CNNVD-202006-314date:2020-06-03T00:00:00
db:NVDid:CVE-2020-3208date:2020-06-03T18:15:00