CVE-2020-3214: Cisco IOS XE Software Privilege Escalation Vulnerability
First published: Wed Jun 03 2020(Updated: )
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE Web UI | =16.11.1 | |
| Cisco IOS XE Web UI | =16.11.1a | |
| Cisco IOS XE Web UI | =16.11.1b | |
| Cisco IOS XE Web UI | =16.11.1c | |
| Cisco IOS XE Web UI | =16.11.1s | |
| Cisco IOS XE Web UI | =16.11.2 | |
| Cisco IOS XE Web UI | =16.12.1 | |
| Cisco IOS XE Web UI | =16.12.1a | |
| Cisco IOS XE Web UI | =16.12.1c | |
| Cisco IOS XE Web UI | =16.12.1s | |
| Cisco IOS XE Web UI | =16.12.1t | |
| Cisco IOS XE Web UI | =16.12.1w | |
| Cisco IOS XE Web UI | =16.12.1x | |
| Cisco 1100 Series Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco 422 Integrated Services Router | ||
| Cisco 4331/k9-rf Integrated Services Router | ||
| Cisco 4431 Integrated Services Router | ||
| Cisco 4441 Integrated Services Router | ||
| Cisco ASR 1000 series software | ||
| Cisco ASR 1001 | ||
| Cisco ASR 1001-X | ||
| Cisco ASR 1002 Fixed Router | ||
| Cisco ASR 1002-X | ||
| Cisco ASR 1004 | ||
| Cisco ASR 1006 | ||
| Cisco ASR 1013 | ||
| Cisco Catalyst 9800-40 | ||
| Cisco Catalyst 9800-80 | ||
| Cisco Catalyst 9800-CL | ||
| Cisco Catalyst 9800-L | ||
| Cisco Catalyst 9800-L | ||
| Cisco Catalyst 9800-L | ||
| Cisco Catalyst C9200 | ||
| Cisco Catalyst 9200 Series | ||
| Cisco Catalyst C9200-48P | ||
| Cisco Catalyst 9200 Series | ||
| Cisco Catalyst C9200L-24P-4G | ||
| Cisco Catalyst C9200L-24P-4X | ||
| Cisco Catalyst C9200L-24PXG-2Y | ||
| Cisco Catalyst C9200L-24PXG-4X | ||
| Cisco Catalyst C9200L-24T-4G | ||
| Cisco Catalyst C9200L-24T-4X | ||
| Cisco Catalyst C9200L-48P-4G | ||
| Cisco Catalyst C9200L-48P-4X | ||
| Cisco Catalyst C9200L-48PXG-2Y | ||
| Cisco Catalyst C9200L-48PXG-4X | ||
| Cisco Catalyst C9200L-48T-4G | ||
| Cisco Catalyst C9200L-48T-4X | ||
| Cisco Catalyst C9300-24P | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst 9300-24T-A | ||
| Cisco Catalyst C9300-24U | ||
| Cisco Catalyst 9300-24UX | ||
| Cisco Catalyst C9300-48P | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst 9300-48U | ||
| Cisco Catalyst C9300 Series | ||
| Cisco Catalyst C9300-48UXM | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst C9300L-24P-4X | ||
| Cisco Catalyst 9300L-24T-4G | ||
| Cisco Catalyst 9300 | ||
| Cisco Catalyst C9300L-48P-4G | ||
| Cisco Catalyst 9300 Series Switches | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst C9300L-48T-4X | ||
| Cisco Catalyst C9404R | ||
| Cisco Catalyst 9407R | ||
| Cisco Catalyst 9410R | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst C9500-24Y4C | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst C9500-32QC | ||
| Cisco Catalyst C9500-40x | ||
| Cisco Catalyst C9500-48Y4C | ||
| Cisco Nexus 1000V for Hyper-V | ||
| Cisco Catalyst 3650 Series Switches | ||
| Cisco Catalyst 3650-12X48UR | ||
| Cisco Catalyst 3650 Series Switch | ||
| Cisco Catalyst 3650 Series Switch | ||
| Cisco Catalyst 3650 24 Port PoE Switch (WS-C3650-24PD) | ||
| Cisco Catalyst 3650-24PS | ||
| Cisco Catalyst 3650-24TD Switch | ||
| Cisco Catalyst 3650-24TS | ||
| Cisco Catalyst 3650 Series Switch | ||
| Cisco Catalyst 3650-48FQ Switch | ||
| Cisco Catalyst 3650-48FQM Switch | ||
| Cisco Catalyst 3650 Series Switch WS-C3650-48FS | ||
| Cisco Catalyst 3650-48PD | ||
| Cisco Catalyst 3650 Series Switches | ||
| Cisco Catalyst 3650-48PS | ||
| Cisco Catalyst 3650 Series Switches | ||
| Cisco Catalyst 3650 48TQ | ||
| Cisco Catalyst 3650-48TS Switch | ||
| Cisco Catalyst 3650-8X24UQ | ||
| Cisco Catalyst 3850 Series Switches | ||
| Cisco Catalyst 3850 Series Switch | ||
| Cisco Catalyst 3850 Switch (model WS-C3850-12XS) | ||
| Cisco Catalyst 3850 Series Switch | ||
| Cisco Catalyst 3850 Series Switches | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 Series Switch | ||
| Cisco Catalyst 3850 Switch | ||
| Cisco Catalyst 3850-24XU | ||
| Cisco Catalyst 3850 48F Switch | ||
| Cisco Catalyst 3850 48 Port PoE Switch | ||
| Cisco Catalyst 3850 Series Switches | ||
| Cisco Catalyst 3850-48U | ||
| Cisco Catalyst 3850 Series Switches |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-3214?
The severity of CVE-2020-3214 is rated as high due to its potential for unauthorized privilege escalation.
How do I fix CVE-2020-3214?
To fix CVE-2020-3214, you need to update the affected Cisco IOS XE Software to the latest secure version as specified in the advisory.
Who is affected by CVE-2020-3214?
CVE-2020-3214 affects users of Cisco IOS XE Software versions 16.11.1, 16.11.1a, 16.11.1b, 16.11.1c, 16.11.1s, 16.11.2, 16.12.1, 16.12.1a, 16.12.1c, 16.12.1s, 16.12.1t, 16.12.1w, and 16.12.1x.
What types of attacks can CVE-2020-3214 enable?
CVE-2020-3214 can enable local authenticated attackers to escalate privileges to root-level access.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios xe web ui
- version/cisco ios xe web ui/16.11.1
- version/cisco ios xe web ui/16.11.1a
- version/cisco ios xe web ui/16.11.1b
- version/cisco ios xe web ui/16.11.1c
- version/cisco ios xe web ui/16.11.1s
- version/cisco ios xe web ui/16.11.2
- version/cisco ios xe web ui/16.12.1
- version/cisco ios xe web ui/16.12.1a
- version/cisco ios xe web ui/16.12.1c
- version/cisco ios xe web ui/16.12.1s
- version/cisco ios xe web ui/16.12.1t
- version/cisco ios xe web ui/16.12.1w
- version/cisco ios xe web ui/16.12.1x
- canonical/cisco 1100 series integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109 integrated services router
- canonical/cisco 111x integrated services router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco 422 integrated services router
- canonical/cisco 4331/k9-rf integrated services router
- canonical/cisco 4431 integrated services router
- canonical/cisco 4441 integrated services router
- canonical/cisco asr 1000 series software
- canonical/cisco asr 1001
- canonical/cisco asr 1001-x
- canonical/cisco asr 1002 fixed router
- canonical/cisco asr 1002-x
- canonical/cisco asr 1004
- canonical/cisco asr 1006
- canonical/cisco asr 1013
- canonical/cisco catalyst 9800-40
- canonical/cisco catalyst 9800-80
- canonical/cisco catalyst 9800-cl
- canonical/cisco catalyst 9800-l
- canonical/cisco catalyst c9200
- canonical/cisco catalyst 9200 series
- canonical/cisco catalyst c9200-48p
- canonical/cisco catalyst c9200l-24p-4g
- canonical/cisco catalyst c9200l-24p-4x
- canonical/cisco catalyst c9200l-24pxg-2y
- canonical/cisco catalyst c9200l-24pxg-4x
- canonical/cisco catalyst c9200l-24t-4g
- canonical/cisco catalyst c9200l-24t-4x
- canonical/cisco catalyst c9200l-48p-4g
- canonical/cisco catalyst c9200l-48p-4x
- canonical/cisco catalyst c9200l-48pxg-2y
- canonical/cisco catalyst c9200l-48pxg-4x
- canonical/cisco catalyst c9200l-48t-4g
- canonical/cisco catalyst c9200l-48t-4x
- canonical/cisco catalyst c9300-24p
- canonical/cisco catalyst c9300
- canonical/cisco catalyst 9300-24t-a
- canonical/cisco catalyst c9300-24u
- canonical/cisco catalyst 9300-24ux
- canonical/cisco catalyst c9300-48p
- canonical/cisco catalyst 9300-48u
- canonical/cisco catalyst c9300 series
- canonical/cisco catalyst c9300-48uxm
- canonical/cisco catalyst c9300l-24p-4x
- canonical/cisco catalyst 9300l-24t-4g
- canonical/cisco catalyst 9300
- canonical/cisco catalyst c9300l-48p-4g
- canonical/cisco catalyst 9300 series switches
- canonical/cisco catalyst c9300l-48t-4x
- canonical/cisco catalyst c9404r
- canonical/cisco catalyst 9407r
- canonical/cisco catalyst 9410r
- canonical/cisco catalyst 9500
- canonical/cisco catalyst c9500-24y4c
- canonical/cisco catalyst c9500-32qc
- canonical/cisco catalyst c9500-40x
- canonical/cisco catalyst c9500-48y4c
- canonical/cisco nexus 1000v for hyper-v
- canonical/cisco catalyst 3650 series switches
- canonical/cisco catalyst 3650-12x48ur
- canonical/cisco catalyst 3650 series switch
- canonical/cisco catalyst 3650 24 port poe switch (ws-c3650-24pd)
- canonical/cisco catalyst 3650-24ps
- canonical/cisco catalyst 3650-24td switch
- canonical/cisco catalyst 3650-24ts
- canonical/cisco catalyst 3650-48fq switch
- canonical/cisco catalyst 3650-48fqm switch
- canonical/cisco catalyst 3650 series switch ws-c3650-48fs
- canonical/cisco catalyst 3650-48pd
- canonical/cisco catalyst 3650-48ps
- canonical/cisco catalyst 3650 48tq
- canonical/cisco catalyst 3650-48ts switch
- canonical/cisco catalyst 3650-8x24uq
- canonical/cisco catalyst 3850 series switches
- canonical/cisco catalyst 3850 series switch
- canonical/cisco catalyst 3850 switch (model ws-c3850-12xs)
- canonical/cisco catalyst 3850
- canonical/cisco catalyst 3850 switch
- canonical/cisco catalyst 3850-24xu
- canonical/cisco catalyst 3850 48f switch
- canonical/cisco catalyst 3850 48 port poe switch
- canonical/cisco catalyst 3850-48u