CVE-2020-3223: Cisco IOS XE Software Web UI Arbitrary File Read Vulnerability

First published: Wed Jun 03 2020(Updated: )

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system's filesystem.

Credit: ykramarz@cisco.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/type
• agent/softwarecombine
• collector/mitre-cve
• source/MITRE
• agent/title
• agent/weakness
• agent/author
• agent/severity
• agent/remedy
• agent/references
• agent/last-modified-date
• agent/tags
• agent/first-publish-date
• agent/event
• agent/description
• vendor/cisco
• canonical/cisco ios xe
• version/cisco ios xe/16.9.4
• version/cisco ios xe/16.9.4c
• version/cisco ios xe/16.11.1
• version/cisco ios xe/16.11.1a
• version/cisco ios xe/16.11.1b
• version/cisco ios xe/16.11.1c
• version/cisco ios xe/16.11.1s
• version/cisco ios xe/16.11.2
• version/cisco ios xe/16.12.1
• version/cisco ios xe/16.12.1a
• version/cisco ios xe/16.12.1c
• version/cisco ios xe/16.12.1s
• version/cisco ios xe/16.12.1t
• version/cisco ios xe/16.12.1w
• version/cisco ios xe/16.12.1y