What is the severity of CVE-2020-3211?

CVE-2020-3211 has a CVSS score of 7.8, indicating a high severity level.

How do I fix CVE-2020-3211?

To fix CVE-2020-3211, upgrade to a version of Cisco IOS XE that has addressed the vulnerability, as detailed in the Cisco security advisory.

Who is affected by CVE-2020-3211?

CVE-2020-3211 affects authenticated users with access to the web UI of Cisco IOS XE Software versions specified in the advisory.

What types of attacks are possible with CVE-2020-3211?

An attacker could execute arbitrary commands with root privileges, potentially compromising the underlying operating system.

Is CVE-2020-3211 exploitable remotely?

Yes, CVE-2020-3211 is exploitable remotely if the attacker has valid credentials to access the web UI.

Vulnerability/
CVE-2020-3211

critical

CWE

78 77

3/6/2020

15/11/2024

CVE-2020-3211: Cisco IOS XE Software Web UI Command Injection Vulnerability

First published: Wed Jun 03 2020(Updated: )

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco IOS XE	=16.10.1
Cisco IOS XE	=16.10.1a
Cisco IOS XE	=16.10.1b
Cisco IOS XE	=16.10.1e
Cisco IOS XE	=16.10.1s
Cisco IOS XE	=16.10.2
Cisco IOS XE	=16.11.1
Cisco IOS XE	=16.11.1a
Cisco IOS XE	=16.11.1b
Cisco IOS XE	=16.11.1c
Cisco IOS XE	=16.11.1s
Cisco IOS XE	=16.12.1
Cisco IOS XE	=16.12.1a
Cisco IOS XE	=16.12.1c
Cisco IOS XE	=16.12.1s
Cisco IOS XE	=16.12.1t

Remedy

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj4-S2TmH7GA

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj4-S2TmH7GA

Frequently Asked Questions

What is the severity of CVE-2020-3211?
CVE-2020-3211 has a CVSS score of 7.8, indicating a high severity level.
How do I fix CVE-2020-3211?
To fix CVE-2020-3211, upgrade to a version of Cisco IOS XE that has addressed the vulnerability, as detailed in the Cisco security advisory.
Who is affected by CVE-2020-3211?
CVE-2020-3211 affects authenticated users with access to the web UI of Cisco IOS XE Software versions specified in the advisory.
What types of attacks are possible with CVE-2020-3211?
An attacker could execute arbitrary commands with root privileges, potentially compromising the underlying operating system.
Is CVE-2020-3211 exploitable remotely?
Yes, CVE-2020-3211 is exploitable remotely if the attacker has valid credentials to access the web UI.

collector/nvd-index
agent/type
agent/weakness
agent/softwarecombine
agent/references
agent/severity
agent/remedy
agent/title
agent/author
agent/description
agent/tags
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/cisco
canonical/cisco ios xe
version/cisco ios xe/16.10.1
version/cisco ios xe/16.10.1a
version/cisco ios xe/16.10.1b
version/cisco ios xe/16.10.1e
version/cisco ios xe/16.10.1s
version/cisco ios xe/16.10.2
version/cisco ios xe/16.11.1
version/cisco ios xe/16.11.1a
version/cisco ios xe/16.11.1b
version/cisco ios xe/16.11.1c
version/cisco ios xe/16.11.1s
version/cisco ios xe/16.12.1
version/cisco ios xe/16.12.1a
version/cisco ios xe/16.12.1c
version/cisco ios xe/16.12.1s
version/cisco ios xe/16.12.1t