CVE-2020-3474: Cisco IOS XE Software Web Management Framework Vulnerabilities
First published: Thu Sep 24 2020(Updated: )
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE Web UI | ||
| Cisco 1100 Series Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco ASR 1001 | ||
| Cisco ASR 1001-X | ||
| Cisco ASR 1002 Fixed Router | ||
| Cisco ASR 1002-X | ||
| Cisco ASR 1004 | ||
| Cisco ASR 1006 | ||
| Cisco ASR 1006-X | ||
| Cisco ASR 1009-X | ||
| Cisco ASR 1013 | ||
| Cisco Catalyst 9800-40 | ||
| Cisco Catalyst 9800-80 | ||
| Cisco Catalyst 9800-CL | ||
| Cisco Catalyst 9800-L | ||
| Cisco Catalyst 9800-L | ||
| Cisco Catalyst 9800-L | ||
| Cisco Catalyst C9200 | ||
| Cisco Catalyst 9200 Series | ||
| Cisco Catalyst C9200-48P | ||
| Cisco Catalyst 9200 Series | ||
| Cisco Catalyst C9200L-24P-4G | ||
| Cisco Catalyst C9200L-24P-4X | ||
| Cisco Catalyst C9200L-24PXG-2Y | ||
| Cisco Catalyst C9200L-24PXG-4X | ||
| Cisco Catalyst C9200L-24T-4G | ||
| Cisco Catalyst C9200L-24T-4X | ||
| Cisco Catalyst C9200L-48P-4G | ||
| Cisco Catalyst C9200L-48P-4X | ||
| Cisco Catalyst C9200L-48PXG-2Y | ||
| Cisco Catalyst C9200L-48PXG-4X | ||
| Cisco Catalyst C9200L-48T-4G | ||
| Cisco Catalyst C9200L-48T-4X | ||
| Cisco Catalyst C9300-24P | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst 9300-24T-A | ||
| Cisco Catalyst C9300-24U | ||
| Cisco Catalyst 9300-24UX | ||
| Cisco Catalyst C9300-48P | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst 9300-48U | ||
| Cisco Catalyst C9300 Series | ||
| Cisco Catalyst C9300-48UXM | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst C9300L-24P-4X | ||
| Cisco Catalyst 9300L-24T-4G | ||
| Cisco Catalyst 9300 | ||
| Cisco Catalyst C9300L-48P-4G | ||
| Cisco Catalyst 9300 Series Switches | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst C9300L-48T-4X | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst C9500-24Y4C | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst C9500-32QC | ||
| Cisco Catalyst C9500-40x | ||
| Cisco Catalyst C9500-48Y4C | ||
| Cisco Catalyst 3650 Series Switches | ||
| Cisco Catalyst 3650-12X48UR | ||
| Cisco Catalyst 3650 Series Switch | ||
| Cisco Catalyst 3650 Series Switch | ||
| Cisco Catalyst 3650 24 Port PoE Switch (WS-C3650-24PD) | ||
| Cisco Catalyst 3650-24PS | ||
| Cisco Catalyst 3650-24TD Switch | ||
| Cisco Catalyst 3650-24TS | ||
| Cisco Catalyst 3650 Series Switch | ||
| Cisco Catalyst 3650-48FQ Switch | ||
| Cisco Catalyst 3650-48FQM Switch | ||
| Cisco Catalyst 3650 Series Switch WS-C3650-48FS | ||
| Cisco Catalyst 3650-48PD | ||
| Cisco Catalyst 3650 Series Switches | ||
| Cisco Catalyst 3650-48PS | ||
| Cisco Catalyst 3650 Series Switches | ||
| Cisco Catalyst 3650 48TQ | ||
| Cisco Catalyst 3650-48TS Switch | ||
| Cisco Catalyst 3650-8X24UQ | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 Series Switches | ||
| Cisco Catalyst 3850 Series Switch | ||
| Cisco Catalyst 3850 Switch (model WS-C3850-12XS) | ||
| Cisco Catalyst 3850 Series Switch | ||
| Cisco Catalyst 3850 Series Switches | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 Series Switch | ||
| Cisco Catalyst 3850 Switch | ||
| Cisco Catalyst 3850-24XU | ||
| Cisco Catalyst 3850 48F Switch | ||
| Cisco Catalyst 3850 48 Port PoE Switch | ||
| Cisco Catalyst 3850 Series Switches | ||
| Cisco Catalyst 3850-48U | ||
| Cisco Catalyst 3850 Series Switches |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-3474?
CVE-2020-3474 is rated as having a high severity, as it allows unauthorized read access to sensitive data.
How do I fix CVE-2020-3474?
To fix CVE-2020-3474, you should update the affected Cisco IOS XE Software to a version that includes the security patches.
What types of attacks can CVE-2020-3474 enable?
CVE-2020-3474 can enable authenticated attackers to gain unauthorized read access to sensitive data or cause the web management software to crash.
Which Cisco devices are affected by CVE-2020-3474?
CVE-2020-3474 affects multiple Cisco IOS XE software versions across various routing and switching devices.
What is the impact of CVE-2020-3474 on affected systems?
The impact of CVE-2020-3474 includes unauthorized access to sensitive data and the possibility of denial of service if the web management software malfunctions.
- agent/type
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios xe web ui
- canonical/cisco 1100 series integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109 integrated services router
- canonical/cisco 111x integrated services router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco asr 1001
- canonical/cisco asr 1001-x
- canonical/cisco asr 1002 fixed router
- canonical/cisco asr 1002-x
- canonical/cisco asr 1004
- canonical/cisco asr 1006
- canonical/cisco asr 1006-x
- canonical/cisco asr 1009-x
- canonical/cisco asr 1013
- canonical/cisco catalyst 9800-40
- canonical/cisco catalyst 9800-80
- canonical/cisco catalyst 9800-cl
- canonical/cisco catalyst 9800-l
- canonical/cisco catalyst c9200
- canonical/cisco catalyst 9200 series
- canonical/cisco catalyst c9200-48p
- canonical/cisco catalyst c9200l-24p-4g
- canonical/cisco catalyst c9200l-24p-4x
- canonical/cisco catalyst c9200l-24pxg-2y
- canonical/cisco catalyst c9200l-24pxg-4x
- canonical/cisco catalyst c9200l-24t-4g
- canonical/cisco catalyst c9200l-24t-4x
- canonical/cisco catalyst c9200l-48p-4g
- canonical/cisco catalyst c9200l-48p-4x
- canonical/cisco catalyst c9200l-48pxg-2y
- canonical/cisco catalyst c9200l-48pxg-4x
- canonical/cisco catalyst c9200l-48t-4g
- canonical/cisco catalyst c9200l-48t-4x
- canonical/cisco catalyst c9300-24p
- canonical/cisco catalyst c9300
- canonical/cisco catalyst 9300-24t-a
- canonical/cisco catalyst c9300-24u
- canonical/cisco catalyst 9300-24ux
- canonical/cisco catalyst c9300-48p
- canonical/cisco catalyst 9300-48u
- canonical/cisco catalyst c9300 series
- canonical/cisco catalyst c9300-48uxm
- canonical/cisco catalyst c9300l-24p-4x
- canonical/cisco catalyst 9300l-24t-4g
- canonical/cisco catalyst 9300
- canonical/cisco catalyst c9300l-48p-4g
- canonical/cisco catalyst 9300 series switches
- canonical/cisco catalyst c9300l-48t-4x
- canonical/cisco catalyst 9500
- canonical/cisco catalyst c9500-24y4c
- canonical/cisco catalyst c9500-32qc
- canonical/cisco catalyst c9500-40x
- canonical/cisco catalyst c9500-48y4c
- canonical/cisco catalyst 3650 series switches
- canonical/cisco catalyst 3650-12x48ur
- canonical/cisco catalyst 3650 series switch
- canonical/cisco catalyst 3650 24 port poe switch (ws-c3650-24pd)
- canonical/cisco catalyst 3650-24ps
- canonical/cisco catalyst 3650-24td switch
- canonical/cisco catalyst 3650-24ts
- canonical/cisco catalyst 3650-48fq switch
- canonical/cisco catalyst 3650-48fqm switch
- canonical/cisco catalyst 3650 series switch ws-c3650-48fs
- canonical/cisco catalyst 3650-48pd
- canonical/cisco catalyst 3650-48ps
- canonical/cisco catalyst 3650 48tq
- canonical/cisco catalyst 3650-48ts switch
- canonical/cisco catalyst 3650-8x24uq
- canonical/cisco catalyst 3850
- canonical/cisco catalyst 3850 series switches
- canonical/cisco catalyst 3850 series switch
- canonical/cisco catalyst 3850 switch (model ws-c3850-12xs)
- canonical/cisco catalyst 3850 switch
- canonical/cisco catalyst 3850-24xu
- canonical/cisco catalyst 3850 48f switch
- canonical/cisco catalyst 3850 48 port poe switch
- canonical/cisco catalyst 3850-48u