CVE-2020-3475

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS v3.0 8.1 HIGH
CVSS v2.0 5.5 MEDIUM

8.1^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-webui-multi-vfTkk7yr	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:asr_1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1006-x:-:::::::*
	cpe:2.3:h:cisco:asr_1009-x:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24ux:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48un:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-12q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-16x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32qc:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-40x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:::::::*
	cpe:2.3:h:cisco:isr_1100:-:::::::*
	cpe:2.3:h:cisco:isr_1101:-:::::::*
	cpe:2.3:h:cisco:isr_1109:-:::::::*
	cpe:2.3:h:cisco:isr_1111x:-:::::::*
	cpe:2.3:h:cisco:isr_111x:-:::::::*
	cpe:2.3:h:cisco:isr_1120:-:::::::*
cpe:2.3:h:cisco:isr_1160:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48uq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48ur:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48uz:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24pd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24pdm:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24ps:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24td:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24ts:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fqm:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fs:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48pd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48pq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48ps:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48td:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48tq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48ts:-:::::::*
cpe:2.3:h:cisco:ws-c3650-8x24uq:-:::::::*
cpe:2.3:h:cisco:ws-c3850:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12s:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12x48u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12xs:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24p:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24s:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24t:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24xs:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24xu:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48f:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48p:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48t:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48xs:-:::::::*

Information

Published : 2020-09-24 11:15

Updated : 2021-10-07 13:11

NVD link : CVE-2020-3475

Mitre link : CVE-2020-3475

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

cisco

catalyst_c9300l-48p-4x
catalyst_c9300-48p
catalyst_c9300l-24t-4g
ws-c3650-24ps
asr_1001-hx
catalyst_c9200-48t
ws-c3650-12x48uz
catalyst_c9500-48y4c
catalyst_c9200l-48t-4x
asr_1006
catalyst_c9300-24t
ws-c3650-24pdm
ws-c3850-48t
catalyst_c9300l-48p-4g
ws-c3650-24td
ws-c3650-48ps
catalyst_c9300-48s
catalyst_c9300-24p
catalyst_c9500-24q
catalyst_c9300l-24t-4x
asr_1001-x
isr_1101
catalyst_c9200l-24pxg-4x
catalyst_9800-80
catalyst_9800-l-f
catalyst_c9200l-24p-4g
ws-c3850-48f
catalyst_c9500-32qc
catalyst_c9500-32c
catalyst_c9500-24y4c
catalyst_c9200l-48p-4x
ws-c3850-48u
catalyst_c9200l-24t-4g
ws-c3650-48fqm
catalyst_c9200-24t
catalyst_9800-cl
catalyst_c9200l-48pxg-2y
catalyst_c9300-48uxm
catalyst_c9300-24ux
catalyst_9800-l
ws-c3650-48fd
catalyst_9800-l-c
catalyst_c9300l-24p-4g
catalyst_c9200-24p
catalyst_9800-40
catalyst_c9300-48u
catalyst_c9200l-24t-4x
catalyst_c9300-48t
isr_111x
ws-c3850-12xs
asr_1002-x
catalyst_c9300-24u
catalyst_c9300-48un
ws-c3850-24u
catalyst_c9500-40x
catalyst_c9300l-48t-4g
ws-c3850-48xs
ws-c3650-24ts
asr_1006-x
catalyst_c9200l-24p-4x
catalyst_c9300-24s
catalyst_c9200l-48t-4g
ws-c3650-48td
ws-c3650-12x48uq
asr_1013
ws-c3850-24p
isr_1100
catalyst_c9500-16x
ws-c3650-48tq
ws-c3650-24pd
ws-c3850-48p
catalyst_c9200l-24pxg-2y
ws-c3850
asr_1009-x
ws-c3650-48fq
isr_1109
ws-c3650-12x48ur
asr_1002-hx
isr_1111x
ws-c3850-24xu
ws-c3850-12x48u
ios
ws-c3650-48pq
ws-c3850-12s
catalyst_c9300l-48t-4x
ws-c3650-8x24uq
ws-c3650-48ts
asr_1004
ws-c3850-24s
ws-c3650-48pd
isr_1160
isr_1120
ws-c3850-24xs
ws-c3850-24t
catalyst_c9300l-24p-4x
catalyst_c9200-48p
catalyst_c9500-12q
ws-c3650-48fs
catalyst_c9200l-48pxg-4x
catalyst_c9200l-48p-4g

8.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.5 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-3475

8.1^/10

5.5^/10

Attach tags to `CVE-2020-3475`