First published: Wed Jun 03 2020
A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE Software | =3.7.0e | |
Cisco IOS XE Software | =3.7.1e | |
Cisco IOS XE Software | =3.7.2e | |
Cisco IOS XE Software | =3.7.3e | |
Cisco IOS XE Software | =3.7.4e | |
Cisco IOS XE Software | =3.7.5e | |
Cisco IOS XE Software | =3.8.0e | |
Cisco IOS XE Software | =3.8.0s | |
Cisco IOS XE Software | =3.8.1e | |
Cisco IOS XE Software | =3.8.1s | |
Cisco IOS XE Software | =3.8.2e | |
Cisco IOS XE Software | =3.8.2s | |
Cisco IOS XE Software | =3.8.3e | |
Cisco IOS XE Software | =3.8.4e | |
Cisco IOS XE Software | =3.8.5ae | |
Cisco IOS XE Software | =3.8.5e | |
Cisco IOS XE Software | =3.8.6e | |
Cisco IOS XE Software | =3.8.7e | |
Cisco IOS XE Software | =3.8.8e | |
Cisco IOS XE Software | =3.9.0as | |
Cisco IOS XE Software | =3.9.0e | |
Cisco IOS XE Software | =3.9.0s | |
Cisco IOS XE Software | =3.9.1as | |
Cisco IOS XE Software | =3.9.1e | |
Cisco IOS XE Software | =3.9.1s | |
Cisco IOS XE Software | =3.9.2be | |
Cisco IOS XE Software | =3.9.2e | |
Cisco IOS XE Software | =3.9.2s | |
Cisco IOS XE Software | =3.10.0ce | |
Cisco IOS XE Software | =3.10.0e | |
Cisco IOS XE Software | =3.10.0s | |
Cisco IOS XE Software | =3.10.1ae | |
Cisco IOS XE Software | =3.10.1e | |
Cisco IOS XE Software | =3.10.1s | |
Cisco IOS XE Software | =3.10.1se | |
Cisco IOS XE Software | =3.10.2as | |
Cisco IOS XE Software | =3.10.2e | |
Cisco IOS XE Software | =3.10.2s | |
Cisco IOS XE Software | =3.10.2ts | |
Cisco IOS XE Software | =3.10.3e | |
Cisco IOS XE Software | =3.10.3s | |
Cisco IOS XE Software | =3.10.4s | |
Cisco IOS XE Software | =3.10.5s | |
Cisco IOS XE Software | =3.10.6s | |
Cisco IOS XE Software | =3.10.7s | |
Cisco IOS XE Software | =3.10.8as | |
Cisco IOS XE Software | =3.10.8s | |
Cisco IOS XE Software | =3.10.9s | |
Cisco IOS XE Software | =3.10.10s | |
Cisco IOS XE Software | =3.11.0e | |
Cisco IOS XE Software | =3.11.0s | |
Cisco IOS XE Software | =3.11.1s | |
Cisco IOS XE Software | =3.11.2s | |
Cisco IOS XE Software | =3.11.3e | |
Cisco IOS XE Software | =3.11.3s | |
Cisco IOS XE Software | =3.11.4s | |
Cisco IOS XE Software | =3.12.0as | |
Cisco IOS XE Software | =3.12.0s | |
Cisco IOS XE Software | =3.12.1s | |
Cisco IOS XE Software | =3.12.2s | |
Cisco IOS XE Software | =3.12.3s | |
Cisco IOS XE Software | =3.12.4s | |
Cisco IOS XE Software | =3.13.0as | |
Cisco IOS XE Software | =3.13.0s | |
Cisco IOS XE Software | =3.13.1s | |
Cisco IOS XE Software | =3.13.2as | |
Cisco IOS XE Software | =3.13.2s | |
Cisco IOS XE Software | =3.13.3s | |
Cisco IOS XE Software | =3.13.4s | |
Cisco IOS XE Software | =3.13.5as | |
Cisco IOS XE Software | =3.13.5s | |
Cisco IOS XE Software | =3.13.6as | |
Cisco IOS XE Software | =3.13.6bs | |
Cisco IOS XE Software | =3.13.6s | |
Cisco IOS XE Software | =3.13.7as | |
Cisco IOS XE Software | =3.13.7s | |
Cisco IOS XE Software | =3.13.8s | |
Cisco IOS XE Software | =3.13.9s | |
Cisco IOS XE Software | =3.13.10s | |
Cisco IOS XE Software | =3.14.0s | |
Cisco IOS XE Software | =3.14.1s | |
Cisco IOS XE Software | =3.14.2s | |
Cisco IOS XE Software | =3.14.3s | |
Cisco IOS XE Software | =3.14.4s | |
Cisco IOS XE Software | =3.15.0s | |
Cisco IOS XE Software | =3.15.1cs | |
Cisco IOS XE Software | =3.15.1s | |
Cisco IOS XE Software | =3.15.2s | |
Cisco IOS XE Software | =3.15.3s | |
Cisco IOS XE Software | =3.15.4s | |
Cisco IOS XE Software | =3.16.0as | |
Cisco IOS XE Software | =3.16.0bs | |
Cisco IOS XE Software | =3.16.0cs | |
Cisco IOS XE Software | =3.16.0s | |
Cisco IOS XE Software | =3.16.1as | |
Cisco IOS XE Software | =3.16.1s | |
Cisco IOS XE Software | =3.16.2as | |
Cisco IOS XE Software | =3.16.2bs | |
Cisco IOS XE Software | =3.16.2s | |
Cisco IOS XE Software | =3.16.3as | |
Cisco IOS XE Software | =3.16.3s | |
Cisco IOS XE Software | =3.16.4as | |
Cisco IOS XE Software | =3.16.4bs | |
Cisco IOS XE Software | =3.16.4cs | |
Cisco IOS XE Software | =3.16.4ds | |
Cisco IOS XE Software | =3.16.4es | |
Cisco IOS XE Software | =3.16.4gs | |
Cisco IOS XE Software | =3.16.4s | |
Cisco IOS XE Software | =3.16.5as | |
Cisco IOS XE Software | =3.16.5bs | |
Cisco IOS XE Software | =3.16.5s | |
Cisco IOS XE Software | =3.16.6bs | |
Cisco IOS XE Software | =3.16.6s | |
Cisco IOS XE Software | =3.16.7as | |
Cisco IOS XE Software | =3.16.7bs | |
Cisco IOS XE Software | =3.16.7s | |
Cisco IOS XE Software | =3.16.8s | |
Cisco IOS XE Software | =3.16.9s | |
Cisco IOS XE Software | =3.17.0s | |
Cisco IOS XE Software | =3.17.1as | |
Cisco IOS XE Software | =3.17.1s | |
Cisco IOS XE Software | =3.17.2s | |
Cisco IOS XE Software | =3.17.3s | |
Cisco IOS XE Software | =3.17.4s | |
Cisco IOS XE Software | =3.18.0as | |
Cisco IOS XE Software | =3.18.0s | |
Cisco IOS XE Software | =3.18.0sp | |
Cisco IOS XE Software | =3.18.1asp | |
Cisco IOS XE Software | =3.18.1bsp | |
Cisco IOS XE Software | =3.18.1csp | |
Cisco IOS XE Software | =3.18.1gsp | |
Cisco IOS XE Software | =3.18.1hsp | |
Cisco IOS XE Software | =3.18.1isp | |
Cisco IOS XE Software | =3.18.1s | |
Cisco IOS XE Software | =3.18.1sp | |
Cisco IOS XE Software | =3.18.2asp | |
Cisco IOS XE Software | =3.18.2s | |
Cisco IOS XE Software | =3.18.2sp | |
Cisco IOS XE Software | =3.18.3asp | |
Cisco IOS XE Software | =3.18.3bsp | |
Cisco IOS XE Software | =3.18.3s | |
Cisco IOS XE Software | =3.18.3sp | |
Cisco IOS XE Software | =3.18.4s | |
Cisco IOS XE Software | =3.18.4sp | |
Cisco IOS XE Software | =3.18.5sp | |
Cisco IOS XE Software | =3.18.6sp | |
Cisco IOS XE Software | =16.1.1 | |
Cisco IOS XE Software | =16.1.2 | |
Cisco IOS XE Software | =16.1.3 | |
Cisco IOS XE Software | =16.2.1 | |
Cisco IOS XE Software | =16.2.2 | |
Cisco IOS XE Software | =16.3.1 | |
Cisco IOS XE Software | =16.3.1a | |
Cisco IOS XE Software | =16.3.2 | |
Cisco IOS XE Software | =16.3.3 | |
Cisco IOS XE Software | =16.3.4 | |
Cisco IOS XE Software | =16.3.5 | |
Cisco IOS XE Software | =16.3.5b | |
Cisco IOS XE Software | =16.3.6 | |
Cisco IOS XE Software | =16.3.7 | |
Cisco IOS XE Software | =16.3.8 | |
Cisco IOS XE Software | =16.3.9 | |
Cisco IOS XE Software | =16.4.1 | |
Cisco IOS XE Software | =16.4.2 | |
Cisco IOS XE Software | =16.4.3 | |
Cisco IOS XE Software | =16.5.1 | |
Cisco IOS XE Software | =16.5.1a | |
Cisco IOS XE Software | =16.5.1b | |
Cisco IOS XE Software | =16.5.2 | |
Cisco IOS XE Software | =16.5.3 | |
Cisco IOS XE Software | =16.6.1 | |
Cisco IOS XE Software | =16.6.2 | |
Cisco IOS XE Software | =16.6.3 | |
Cisco IOS XE Software | =16.6.4 | |
Cisco IOS XE Software | =16.6.4a | |
Cisco IOS XE Software | =16.6.4s | |
Cisco IOS XE Software | =16.6.5 | |
Cisco IOS XE Software | =16.6.5a | |
Cisco IOS XE Software | =16.6.5b | |
Cisco IOS XE Software | =16.6.6 | |
Cisco IOS XE Software | =16.7.1 | |
Cisco IOS XE Software | =16.7.1a | |
Cisco IOS XE Software | =16.7.1b | |
Cisco IOS XE Software | =16.7.2 | |
Cisco IOS XE Software | =16.7.3 | |
Cisco IOS XE Software | =16.7.4 | |
Cisco IOS XE Software | =16.8.1 | |
Cisco IOS XE Software | =16.8.1a | |
Cisco IOS XE Software | =16.8.1b | |
Cisco IOS XE Software | =16.8.1c | |
Cisco IOS XE Software | =16.8.1d | |
Cisco IOS XE Software | =16.8.1e | |
Cisco IOS XE Software | =16.8.1s | |
Cisco IOS XE Software | =16.8.2 | |
Cisco IOS XE Software | =16.8.3 | |
Cisco IOS XE Software | =16.9.1 | |
Cisco IOS XE Software | =16.9.1a | |
Cisco IOS XE Software | =16.9.1b | |
Cisco IOS XE Software | =16.9.1c | |
Cisco IOS XE Software | =16.9.1d | |
Cisco IOS XE Software | =16.9.1s | |
Cisco IOS XE Software | =16.9.2 | |
Cisco IOS XE Software | =16.9.2a | |
Cisco IOS XE Software | =16.9.2s | |
Cisco IOS XE Software | =16.9.3 | |
Cisco IOS XE Software | =16.9.3a | |
Cisco IOS XE Software | =16.9.3h | |
Cisco IOS XE Software | =16.9.3s | |
Cisco IOS XE Software | =16.10.1 | |
Cisco IOS XE Software | =16.10.1a | |
Cisco IOS XE Software | =16.10.1b | |
Cisco IOS XE Software | =16.10.1c | |
Cisco IOS XE Software | =16.10.1d | |
Cisco IOS XE Software | =16.10.1e | |
Cisco IOS XE Software | =16.10.1f | |
Cisco IOS XE Software | =16.10.1g | |
Cisco IOS XE Software | =16.10.1s | |
Cisco IOS XE Software | =16.10.2 | |
Cisco IOS XE Software | =16.11.1 | |
Cisco IOS XE Software | =16.11.1a | |
Cisco IOS XE Software | =16.11.1b | |
Cisco IOS XE Software | =16.11.1c | |
Cisco IOS XE Software | =16.11.1s | |
Cisco IOS XE Software | =16.12.1y | |
CVE-2020-3215 is rated as a high-severity vulnerability allowing unauthorized root-level access to Cisco IOS XE devices.
To remediate CVE-2020-3215, update to the latest patched version of Cisco IOS XE as recommended by Cisco.
CVE-2020-3215 is a privilege escalation vulnerability affecting the Virtual Services Container in Cisco IOS XE.
CVE-2020-3215 affects specific versions of Cisco IOS XE Software and can be exploited by an authenticated, local attacker.
Administrators should assess their systems for affected Cisco IOS XE versions and apply necessary firmware updates to fix CVE-2020-3215.