ID

VAR-202009-1128


CVE

CVE-2020-3417


TITLE

Cisco IOS XE  In software  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-011827

DESCRIPTION

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device. Both Cisco IOS and IOS XE are products of Cisco (Cisco). CLI is one of those command line interfaces

Trust: 1.71

sources: NVD: CVE-2020-3417 // JVNDB: JVNDB-2020-011827 // VULHUB: VHN-181542

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.7.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.8sp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1y

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.7a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.6

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.7sp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.5b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.1csp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.3asp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.1sp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.8asp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.2sp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.5sp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1f

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.3sp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.5a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.1hsp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.3bsp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.4c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1w

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.1bsp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1x

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.6sp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.1gsp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.4sp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.1asp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.0sp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.7

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3h

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1g

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.5f

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.2asp

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.18.1isp

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011827 // NVD: CVE-2020-3417

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3417
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3417
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3417
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202009-1440
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181542
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3417
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181542
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3417
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3417
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-3417
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181542 // JVNDB: JVNDB-2020-011827 // CNNVD: CNNVD-202009-1440 // NVD: CVE-2020-3417 // NVD: CVE-2020-3417

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-181542 // JVNDB: JVNDB-2020-011827 // NVD: CVE-2020-3417

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1440

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202009-1440

PATCH

title:cisco-sa-xbace-OnCEbySurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xbace-OnCEbyS

Trust: 0.8

title:Cisco IOS XE Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129100

Trust: 0.6

sources: JVNDB: JVNDB-2020-011827 // CNNVD: CNNVD-202009-1440

EXTERNAL IDS

db:NVDid:CVE-2020-3417

Trust: 2.5

db:JVNDBid:JVNDB-2020-011827

Trust: 0.8

db:CNNVDid:CNNVD-202009-1440

Trust: 0.7

db:AUSCERTid:ESB-2020.3293

Trust: 0.6

db:AUSCERTid:ESB-2020.3293.2

Trust: 0.6

db:CNVDid:CNVD-2020-56466

Trust: 0.1

db:VULHUBid:VHN-181542

Trust: 0.1

sources: VULHUB: VHN-181542 // JVNDB: JVNDB-2020-011827 // CNNVD: CNNVD-202009-1440 // NVD: CVE-2020-3417

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xbace-oncebys

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3417

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-33416

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3293/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3293.2/

Trust: 0.6

sources: VULHUB: VHN-181542 // JVNDB: JVNDB-2020-011827 // CNNVD: CNNVD-202009-1440 // NVD: CVE-2020-3417

SOURCES

db:VULHUBid:VHN-181542
db:JVNDBid:JVNDB-2020-011827
db:CNNVDid:CNNVD-202009-1440
db:NVDid:CVE-2020-3417

LAST UPDATE DATE

2024-08-14T13:54:30.986000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181542date:2020-11-24T00:00:00
db:JVNDBid:JVNDB-2020-011827date:2021-04-15T07:51:00
db:CNNVDid:CNNVD-202009-1440date:2021-08-16T00:00:00
db:NVDid:CVE-2020-3417date:2023-11-07T03:22:41.223

SOURCES RELEASE DATE

db:VULHUBid:VHN-181542date:2020-09-24T00:00:00
db:JVNDBid:JVNDB-2020-011827date:2021-04-15T00:00:00
db:CNNVDid:CNNVD-202009-1440date:2020-09-24T00:00:00
db:NVDid:CVE-2020-3417date:2020-09-24T18:15:18.730