Details of VAR-202009-1128

ID

VAR-202009-1128

CVE

CVE-2020-3417

TITLE

Cisco IOS XE In software OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-011827

DESCRIPTION

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device. Both Cisco IOS and IOS XE are products of Cisco (Cisco). CLI is one of those command line interfaces

Trust: 1.71

sources: NVD: CVE-2020-3417 // JVNDB: JVNDB-2020-011827 // VULHUB: VHN-181542

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.8sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1y	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.7a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.7sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1csp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.3asp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.8asp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.2sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.5sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1f	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.3sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1hsp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.3bsp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1w	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1bsp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1x	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.6sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1gsp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.4sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1asp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3h	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1g	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.5f	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.2asp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1isp	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-011827 // NVD: CVE-2020-3417

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3417
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3417
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-3417
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202009-1440
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-181542
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3417
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-181542
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3417
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3417
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-3417
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181542 // JVNDB: JVNDB-2020-011827 // CNNVD: CNNVD-202009-1440 // NVD: CVE-2020-3417 // NVD: CVE-2020-3417

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	OS Command injection (CWE-78) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181542 // JVNDB: JVNDB-2020-011827 // NVD: CVE-2020-3417

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1440

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202009-1440

PATCH

title:	cisco-sa-xbace-OnCEbyS	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xbace-OnCEbyS	Trust: 0.8
title:	Cisco IOS XE Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129100	Trust: 0.6

sources: JVNDB: JVNDB-2020-011827 // CNNVD: CNNVD-202009-1440

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3417	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-011827	Trust: 0.8
db:	CNNVD	id:	CNNVD-202009-1440	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3293	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3293.2	Trust: 0.6
db:	CNVD	id:	CNVD-2020-56466	Trust: 0.1
db:	VULHUB	id:	VHN-181542	Trust: 0.1

sources: VULHUB: VHN-181542 // JVNDB: JVNDB-2020-011827 // CNNVD: CNNVD-202009-1440 // NVD: CVE-2020-3417

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xbace-oncebys	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3417	Trust: 1.4
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-33416	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3293/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3293.2/	Trust: 0.6

sources: VULHUB: VHN-181542 // JVNDB: JVNDB-2020-011827 // CNNVD: CNNVD-202009-1440 // NVD: CVE-2020-3417

SOURCES

db:	VULHUB	id:	VHN-181542
db:	JVNDB	id:	JVNDB-2020-011827
db:	CNNVD	id:	CNNVD-202009-1440
db:	NVD	id:	CVE-2020-3417

LAST UPDATE DATE

2024-08-14T13:54:30.986000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181542	date:	2020-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-011827	date:	2021-04-15T07:51:00
db:	CNNVD	id:	CNNVD-202009-1440	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-3417	date:	2023-11-07T03:22:41.223

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181542	date:	2020-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-011827	date:	2021-04-15T00:00:00
db:	CNNVD	id:	CNNVD-202009-1440	date:	2020-09-24T00:00:00
db:	NVD	id:	CVE-2020-3417	date:	2020-09-24T18:15:18.730