What is the severity of CVE-2020-3218?

CVE-2020-3218 has been assigned a CVSS severity score of 9.8, indicating it is a critical vulnerability.

How do I fix CVE-2020-3218?

To fix CVE-2020-3218, upgrade to a patched version of Cisco IOS XE Software that addresses this vulnerability.

Who is affected by CVE-2020-3218?

CVE-2020-3218 affects users of Cisco IOS XE Software running specific vulnerable versions.

What does CVE-2020-3218 allow an attacker to do?

CVE-2020-3218 allows an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux shell.

Is authentication required to exploit CVE-2020-3218?

Yes, exploitation of CVE-2020-3218 requires administrative privileges for authentication.

Vulnerability/
CVE-2020-3218

critical

CWE

3/6/2020

15/11/2024

CVE-2020-3218: Cisco IOS XE Software Web UI Remote Code Execution Vulnerability

First published: Wed Jun 03 2020(Updated: )

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Linux shell. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by first creating a malicious file on the affected device itself and then uploading a second malicious file to the device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or bypass licensing requirements on the device.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco IOS XE	=16.6.1
Cisco IOS XE	=16.6.2
Cisco IOS XE	=16.6.3
Cisco IOS XE	=16.6.4
Cisco IOS XE	=16.6.4a
Cisco IOS XE	=16.6.4s
Cisco IOS XE	=16.6.5
Cisco IOS XE	=16.6.5a
Cisco IOS XE	=16.6.5b
Cisco IOS XE	=16.6.6
Cisco IOS XE	=16.6.7
Cisco IOS XE	=16.6.7a
Cisco IOS XE	=16.7.1
Cisco IOS XE	=16.7.1a
Cisco IOS XE	=16.7.1b
Cisco IOS XE	=16.7.2
Cisco IOS XE	=16.7.3
Cisco IOS XE	=16.7.4
Cisco IOS XE	=16.8.1
Cisco IOS XE	=16.8.1a
Cisco IOS XE	=16.8.1b
Cisco IOS XE	=16.8.1c
Cisco IOS XE	=16.8.1d
Cisco IOS XE	=16.8.1e
Cisco IOS XE	=16.8.1s
Cisco IOS XE	=16.8.2
Cisco IOS XE	=16.8.3
Cisco IOS XE	=16.9.1
Cisco IOS XE	=16.9.1a
Cisco IOS XE	=16.9.1b
Cisco IOS XE	=16.9.1c
Cisco IOS XE	=16.9.1d
Cisco IOS XE	=16.9.1s
Cisco IOS XE	=16.9.2
Cisco IOS XE	=16.9.2a
Cisco IOS XE	=16.9.2s
Cisco IOS XE	=16.9.3
Cisco IOS XE	=16.9.3a
Cisco IOS XE	=16.9.3h
Cisco IOS XE	=16.9.3s
Cisco IOS XE	=16.9.4
Cisco IOS XE	=16.9.4c
Cisco IOS XE	=16.10.1
Cisco IOS XE	=16.10.1a
Cisco IOS XE	=16.10.1b
Cisco IOS XE	=16.10.1c
Cisco IOS XE	=16.10.1d
Cisco IOS XE	=16.10.1e
Cisco IOS XE	=16.10.1f
Cisco IOS XE	=16.10.1g
Cisco IOS XE	=16.10.1s
Cisco IOS XE	=16.10.2
Cisco IOS XE	=16.11.1
Cisco IOS XE	=16.11.1a
Cisco IOS XE	=16.11.1b
Cisco IOS XE	=16.11.1c
Cisco IOS XE	=16.11.1s
Cisco IOS XE	=16.12.1y

Remedy

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-rce-uk8BXcUD

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-rce-uk8BXcUD

Frequently Asked Questions

What is the severity of CVE-2020-3218?
CVE-2020-3218 has been assigned a CVSS severity score of 9.8, indicating it is a critical vulnerability.
How do I fix CVE-2020-3218?
To fix CVE-2020-3218, upgrade to a patched version of Cisco IOS XE Software that addresses this vulnerability.
Who is affected by CVE-2020-3218?
CVE-2020-3218 affects users of Cisco IOS XE Software running specific vulnerable versions.
What does CVE-2020-3218 allow an attacker to do?
CVE-2020-3218 allows an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux shell.
Is authentication required to exploit CVE-2020-3218?
Yes, exploitation of CVE-2020-3218 requires administrative privileges for authentication.

collector/nvd-index
agent/type
agent/softwarecombine
agent/weakness
agent/references
agent/remedy
agent/title
agent/author
agent/severity
agent/description
agent/tags
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/cisco
canonical/cisco ios xe
version/cisco ios xe/16.6.1
version/cisco ios xe/16.6.2
version/cisco ios xe/16.6.3
version/cisco ios xe/16.6.4
version/cisco ios xe/16.6.4a
version/cisco ios xe/16.6.4s
version/cisco ios xe/16.6.5
version/cisco ios xe/16.6.5a
version/cisco ios xe/16.6.5b
version/cisco ios xe/16.6.6
version/cisco ios xe/16.6.7
version/cisco ios xe/16.6.7a
version/cisco ios xe/16.7.1
version/cisco ios xe/16.7.1a
version/cisco ios xe/16.7.1b
version/cisco ios xe/16.7.2
version/cisco ios xe/16.7.3
version/cisco ios xe/16.7.4
version/cisco ios xe/16.8.1
version/cisco ios xe/16.8.1a
version/cisco ios xe/16.8.1b
version/cisco ios xe/16.8.1c
version/cisco ios xe/16.8.1d
version/cisco ios xe/16.8.1e
version/cisco ios xe/16.8.1s
version/cisco ios xe/16.8.2
version/cisco ios xe/16.8.3
version/cisco ios xe/16.9.1
version/cisco ios xe/16.9.1a
version/cisco ios xe/16.9.1b
version/cisco ios xe/16.9.1c
version/cisco ios xe/16.9.1d
version/cisco ios xe/16.9.1s
version/cisco ios xe/16.9.2
version/cisco ios xe/16.9.2a
version/cisco ios xe/16.9.2s
version/cisco ios xe/16.9.3
version/cisco ios xe/16.9.3a
version/cisco ios xe/16.9.3h
version/cisco ios xe/16.9.3s
version/cisco ios xe/16.9.4
version/cisco ios xe/16.9.4c
version/cisco ios xe/16.10.1
version/cisco ios xe/16.10.1a
version/cisco ios xe/16.10.1b
version/cisco ios xe/16.10.1c
version/cisco ios xe/16.10.1d
version/cisco ios xe/16.10.1e
version/cisco ios xe/16.10.1f
version/cisco ios xe/16.10.1g
version/cisco ios xe/16.10.1s
version/cisco ios xe/16.10.2
version/cisco ios xe/16.11.1
version/cisco ios xe/16.11.1a
version/cisco ios xe/16.11.1b
version/cisco ios xe/16.11.1c
version/cisco ios xe/16.11.1s
version/cisco ios xe/16.12.1y

CVE-2020-3218: Cisco IOS XE Software Web UI Remote Code Execution Vulnerability

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-3218?

How do I fix CVE-2020-3218?

Who is affected by CVE-2020-3218?

What does CVE-2020-3218 allow an attacker to do?

Is authentication required to exploit CVE-2020-3218?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2020-3218?

How do I fix CVE-2020-3218?

Who is affected by CVE-2020-3218?

What does CVE-2020-3218 allow an attacker to do?

Is authentication required to exploit CVE-2020-3218?