Vulnerability-Lookup

BDU:2020-02751

Vulnerability from fstec - Published: 03.06.2020

Title

Уязвимость реализации функции контроля доступа на основе ролей Role Based Access Control (RBAC) операционной системы Cisco IOS XE, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

Description

Уязвимость реализации функции контроля доступа на основе ролей Role Based Access Control (RBAC) операционной системы Cisco IOS XE связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии и выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco IOS XE

Software Version

16.5.1 (Cisco IOS XE), 16.3.1a (Cisco IOS XE), 16.5.1a (Cisco IOS XE), 16.2.2 (Cisco IOS XE), 16.3.1 (Cisco IOS XE), 16.3.2 (Cisco IOS XE), 16.3.3 (Cisco IOS XE), 16.3.4 (Cisco IOS XE), 16.3.5 (Cisco IOS XE), 16.3.5b (Cisco IOS XE), 16.4.1 (Cisco IOS XE), 16.6.1 (Cisco IOS XE), 16.6.4 (Cisco IOS XE), 16.7.1b (Cisco IOS XE), 16.4.3 (Cisco IOS XE), 16.7.2 (Cisco IOS XE), 16.3.6 (Cisco IOS XE), 16.4.2 (Cisco IOS XE), 16.5.1b (Cisco IOS XE), 16.5.2 (Cisco IOS XE), 16.5.3 (Cisco IOS XE), 16.6.2 (Cisco IOS XE), 16.6.3 (Cisco IOS XE), 16.7.1 (Cisco IOS XE), 16.7.1a (Cisco IOS XE), 16.8.1 (Cisco IOS XE), 16.8.1s (Cisco IOS XE), 16.9.1b (Cisco IOS XE), 16.3.7 (Cisco IOS XE), 16.6.4s (Cisco IOS XE), 16.6.4a (Cisco IOS XE), 16.8.1b (Cisco IOS XE), 16.8.1a (Cisco IOS XE), 16.8.1c (Cisco IOS XE), 16.8.1d (Cisco IOS XE), 16.8.2 (Cisco IOS XE), 16.8.1e (Cisco IOS XE), 16.9.1 (Cisco IOS XE), 16.9.2 (Cisco IOS XE), 16.9.1a (Cisco IOS XE), 16.9.1s (Cisco IOS XE), 16.9.1c (Cisco IOS XE), 16.9.1d (Cisco IOS XE), 16.9.2a (Cisco IOS XE), 16.7.3 (Cisco IOS XE), 16.10.1 (Cisco IOS XE), 16.7.4 (Cisco IOS XE), 16.8.3 (Cisco IOS XE), 16.9.2s (Cisco IOS XE), 16.9.3h (Cisco IOS XE), 16.3.8 (Cisco IOS XE), 16.6.5 (Cisco IOS XE), 16.10.2 (Cisco IOS XE), 16.3.9 (Cisco IOS XE), 16.6.5a (Cisco IOS XE), 16.6.6 (Cisco IOS XE), 16.6.5b (Cisco IOS XE), 16.9.3 (Cisco IOS XE), 16.9.4 (Cisco IOS XE), 16.9.3s (Cisco IOS XE), 16.9.4c (Cisco IOS XE), 16.10.1a (Cisco IOS XE), 16.10.1b (Cisco IOS XE), 16.10.1s (Cisco IOS XE), 16.10.1e (Cisco IOS XE), 16.10.3 (Cisco IOS XE), 16.11.1 (Cisco IOS XE), 16.11.1a (Cisco IOS XE), 16.11.1b (Cisco IOS XE), 16.11.1s (Cisco IOS XE), 16.11.1c (Cisco IOS XE), 16.12.1y (Cisco IOS XE), 16.10.1c (Cisco IOS XE), 16.10.1d (Cisco IOS XE), 16.10.1f (Cisco IOS XE), 16.10.1g (Cisco IOS XE), 16.3.10 (Cisco IOS XE), 16.6.7 (Cisco IOS XE), 16.6.7a (Cisco IOS XE), 16.6.8 (Cisco IOS XE), 16.9.5 (Cisco IOS XE), 16.9.5f (Cisco IOS XE)

Possible Mitigations

Использование рекомендаций: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG https://nvd.nist.gov/vuln/detail/CVE-2020-3229

CWE

CWE-264

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.5.1 (Cisco IOS XE), 16.3.1a (Cisco IOS XE), 16.5.1a (Cisco IOS XE), 16.2.2 (Cisco IOS XE), 16.3.1 (Cisco IOS XE), 16.3.2 (Cisco IOS XE), 16.3.3 (Cisco IOS XE), 16.3.4 (Cisco IOS XE), 16.3.5 (Cisco IOS XE), 16.3.5b (Cisco IOS XE), 16.4.1 (Cisco IOS XE), 16.6.1 (Cisco IOS XE), 16.6.4 (Cisco IOS XE), 16.7.1b (Cisco IOS XE), 16.4.3 (Cisco IOS XE), 16.7.2 (Cisco IOS XE), 16.3.6 (Cisco IOS XE), 16.4.2 (Cisco IOS XE), 16.5.1b (Cisco IOS XE), 16.5.2 (Cisco IOS XE), 16.5.3 (Cisco IOS XE), 16.6.2 (Cisco IOS XE), 16.6.3 (Cisco IOS XE), 16.7.1 (Cisco IOS XE), 16.7.1a (Cisco IOS XE), 16.8.1 (Cisco IOS XE), 16.8.1s (Cisco IOS XE), 16.9.1b (Cisco IOS XE), 16.3.7 (Cisco IOS XE), 16.6.4s (Cisco IOS XE), 16.6.4a (Cisco IOS XE), 16.8.1b (Cisco IOS XE), 16.8.1a (Cisco IOS XE), 16.8.1c (Cisco IOS XE), 16.8.1d (Cisco IOS XE), 16.8.2 (Cisco IOS XE), 16.8.1e (Cisco IOS XE), 16.9.1 (Cisco IOS XE), 16.9.2 (Cisco IOS XE), 16.9.1a (Cisco IOS XE), 16.9.1s (Cisco IOS XE), 16.9.1c (Cisco IOS XE), 16.9.1d (Cisco IOS XE), 16.9.2a (Cisco IOS XE), 16.7.3 (Cisco IOS XE), 16.10.1 (Cisco IOS XE), 16.7.4 (Cisco IOS XE), 16.8.3 (Cisco IOS XE), 16.9.2s (Cisco IOS XE), 16.9.3h (Cisco IOS XE), 16.3.8 (Cisco IOS XE), 16.6.5 (Cisco IOS XE), 16.10.2 (Cisco IOS XE), 16.3.9 (Cisco IOS XE), 16.6.5a (Cisco IOS XE), 16.6.6 (Cisco IOS XE), 16.6.5b (Cisco IOS XE), 16.9.3 (Cisco IOS XE), 16.9.4 (Cisco IOS XE), 16.9.3s (Cisco IOS XE), 16.9.4c (Cisco IOS XE), 16.10.1a (Cisco IOS XE), 16.10.1b (Cisco IOS XE), 16.10.1s (Cisco IOS XE), 16.10.1e (Cisco IOS XE), 16.10.3 (Cisco IOS XE), 16.11.1 (Cisco IOS XE), 16.11.1a (Cisco IOS XE), 16.11.1b (Cisco IOS XE), 16.11.1s (Cisco IOS XE), 16.11.1c (Cisco IOS XE), 16.12.1y (Cisco IOS XE), 16.10.1c (Cisco IOS XE), 16.10.1d (Cisco IOS XE), 16.10.1f (Cisco IOS XE), 16.10.1g (Cisco IOS XE), 16.3.10 (Cisco IOS XE), 16.6.7 (Cisco IOS XE), 16.6.7a (Cisco IOS XE), 16.6.8 (Cisco IOS XE), 16.9.5 (Cisco IOS XE), 16.9.5f (Cisco IOS XE)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.06.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.09.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.06.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02751",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-3229",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS XE",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. Cisco IOS XE 16.5.1 , Cisco Systems Inc. Cisco IOS XE 16.3.1a , Cisco Systems Inc. Cisco IOS XE 16.5.1a , Cisco Systems Inc. Cisco IOS XE 16.2.2 , Cisco Systems Inc. Cisco IOS XE 16.3.1 , Cisco Systems Inc. Cisco IOS XE 16.3.2 , Cisco Systems Inc. Cisco IOS XE 16.3.3 , Cisco Systems Inc. Cisco IOS XE 16.3.4 , Cisco Systems Inc. Cisco IOS XE 16.3.5 , Cisco Systems Inc. Cisco IOS XE 16.3.5b , Cisco Systems Inc. Cisco IOS XE 16.4.1 , Cisco Systems Inc. Cisco IOS XE 16.6.1 , Cisco Systems Inc. Cisco IOS XE 16.6.4 , Cisco Systems Inc. Cisco IOS XE 16.7.1b , Cisco Systems Inc. Cisco IOS XE 16.4.3 , Cisco Systems Inc. Cisco IOS XE 16.7.2 , Cisco Systems Inc. Cisco IOS XE 16.3.6 , Cisco Systems Inc. Cisco IOS XE 16.4.2 , Cisco Systems Inc. Cisco IOS XE 16.5.1b , Cisco Systems Inc. Cisco IOS XE 16.5.2 , Cisco Systems Inc. Cisco IOS XE 16.5.3 , Cisco Systems Inc. Cisco IOS XE 16.6.2 , Cisco Systems Inc. Cisco IOS XE 16.6.3 , Cisco Systems Inc. Cisco IOS XE 16.7.1 , Cisco Systems Inc. Cisco IOS XE 16.7.1a , Cisco Systems Inc. Cisco IOS XE 16.8.1 , Cisco Systems Inc. Cisco IOS XE 16.8.1s , Cisco Systems Inc. Cisco IOS XE 16.9.1b , Cisco Systems Inc. Cisco IOS XE 16.3.7 , Cisco Systems Inc. Cisco IOS XE 16.6.4s , Cisco Systems Inc. Cisco IOS XE 16.6.4a , Cisco Systems Inc. Cisco IOS XE 16.8.1b , Cisco Systems Inc. Cisco IOS XE 16.8.1a , Cisco Systems Inc. Cisco IOS XE 16.8.1c , Cisco Systems Inc. Cisco IOS XE 16.8.1d , Cisco Systems Inc. Cisco IOS XE 16.8.2 , Cisco Systems Inc. Cisco IOS XE 16.8.1e , Cisco Systems Inc. Cisco IOS XE 16.9.1 , Cisco Systems Inc. Cisco IOS XE 16.9.2 , Cisco Systems Inc. Cisco IOS XE 16.9.1a , Cisco Systems Inc. Cisco IOS XE 16.9.1s , Cisco Systems Inc. Cisco IOS XE 16.9.1c , Cisco Systems Inc. Cisco IOS XE 16.9.1d , Cisco Systems Inc. Cisco IOS XE 16.9.2a , Cisco Systems Inc. Cisco IOS XE 16.7.3 , Cisco Systems Inc. Cisco IOS XE 16.10.1 , Cisco Systems Inc. Cisco IOS XE 16.7.4 , Cisco Systems Inc. Cisco IOS XE 16.8.3 , Cisco Systems Inc. Cisco IOS XE 16.9.2s , Cisco Systems Inc. Cisco IOS XE 16.9.3h , Cisco Systems Inc. Cisco IOS XE 16.3.8 , Cisco Systems Inc. Cisco IOS XE 16.6.5 , Cisco Systems Inc. Cisco IOS XE 16.10.2 , Cisco Systems Inc. Cisco IOS XE 16.3.9 , Cisco Systems Inc. Cisco IOS XE 16.6.5a , Cisco Systems Inc. Cisco IOS XE 16.6.6 , Cisco Systems Inc. Cisco IOS XE 16.6.5b , Cisco Systems Inc. Cisco IOS XE 16.9.3 , Cisco Systems Inc. Cisco IOS XE 16.9.4 , Cisco Systems Inc. Cisco IOS XE 16.9.3s , Cisco Systems Inc. Cisco IOS XE 16.9.4c , Cisco Systems Inc. Cisco IOS XE 16.10.1a , Cisco Systems Inc. Cisco IOS XE 16.10.1b , Cisco Systems Inc. Cisco IOS XE 16.10.1s , Cisco Systems Inc. Cisco IOS XE 16.10.1e , Cisco Systems Inc. Cisco IOS XE 16.10.3 , Cisco Systems Inc. Cisco IOS XE 16.11.1 , Cisco Systems Inc. Cisco IOS XE 16.11.1a , Cisco Systems Inc. Cisco IOS XE 16.11.1b , Cisco Systems Inc. Cisco IOS XE 16.11.1s , Cisco Systems Inc. Cisco IOS XE 16.11.1c , Cisco Systems Inc. Cisco IOS XE 16.12.1y , Cisco Systems Inc. Cisco IOS XE 16.10.1c , Cisco Systems Inc. Cisco IOS XE 16.10.1d , Cisco Systems Inc. Cisco IOS XE 16.10.1f , Cisco Systems Inc. Cisco IOS XE 16.10.1g , Cisco Systems Inc. Cisco IOS XE 16.3.10 , Cisco Systems Inc. Cisco IOS XE 16.6.7 , Cisco Systems Inc. Cisco IOS XE 16.6.7a , Cisco Systems Inc. Cisco IOS XE 16.6.8 , Cisco Systems Inc. Cisco IOS XE 16.9.5 , Cisco Systems Inc. Cisco IOS XE 16.9.5f ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0440\u043e\u043b\u0435\u0439 Role Based Access Control (RBAC) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS XE, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (CWE-264)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0440\u043e\u043b\u0435\u0439 Role Based Access Control (RBAC) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS XE \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3229",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-264",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CVE-2020-3229 (GCVE-0-2020-3229)

Vulnerability from cvelistv5 – Published: 2020-06-03 17:42 – Updated: 2024-11-15 17:14

Title

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Summary

A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user.

Severity ?

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-264

Assigner

cisco

References

URL

Tags

https://tools.cisco.com/security/center/content/C…

vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS XE Software 16.2.2	Affected: n/a

Date Public ?

2020-06-03 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:58.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOS XE Software Web UI Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3229",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:24:10.419420Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:14:16.257Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software 16.2.2",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:42:18.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOS XE Software Web UI Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webui-PZgQxjfG",
        "defect": [
          [
            "CSCvp95718"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XE Software Web UI Privilege Escalation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3229",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS XE Software Web UI Privilege Escalation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS XE Software 16.2.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOS XE Software Web UI Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-webui-PZgQxjfG",
          "defect": [
            [
              "CSCvp95718"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3229",
    "datePublished": "2020-06-03T17:42:18.714Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-11-15T17:14:16.257Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2020-02751

CVE-2020-3229 (GCVE-0-2020-3229)

Tags

Sightings

Nomenclature