CVE-2020-3475: Cisco IOS XE Software Web Management Framework Vulnerabilities
First published: Thu Sep 24 2020(Updated: )
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | ||
| Cisco 1100 Series Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco ASR 1001 | ||
| Cisco ASR 1001-X | ||
| Cisco ASR 1002 Fixed Router | ||
| Cisco ASR 1002-X | ||
| Cisco ASR 1004 | ||
| Cisco ASR 1006 | ||
| Cisco ASR 1006-X | ||
| Cisco ASR 1009-X | ||
| Cisco ASR 1013 | ||
| Cisco Catalyst 9800-40 | ||
| Cisco Catalyst 9800-80 | ||
| Cisco Catalyst 9800-CL | ||
| Cisco Catalyst 9800-L | ||
| Cisco Catalyst 9800-L | ||
| Cisco Catalyst 9800-L | ||
| Cisco Catalyst C9200 | ||
| Cisco Catalyst 9200 Series | ||
| Cisco Catalyst C9200-48P | ||
| Cisco Catalyst 9200 Series | ||
| Cisco Catalyst C9200L-24P-4G | ||
| Cisco Catalyst C9200L-24P-4X | ||
| Cisco Catalyst C9200L-24PXG-2Y | ||
| Cisco Catalyst C9200L-24PXG-4X | ||
| Cisco Catalyst C9200L-24T-4G | ||
| Cisco Catalyst C9200L-24T-4X | ||
| Cisco Catalyst C9200L-48P-4G | ||
| Cisco Catalyst C9200L-48P-4X | ||
| Cisco Catalyst C9200L-48PXG-2Y | ||
| Cisco Catalyst C9200L-48PXG-4X | ||
| Cisco Catalyst C9200L-48T-4G | ||
| Cisco Catalyst C9200L-48T-4X | ||
| Cisco Catalyst C9300-24P | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst 9300-24T-A | ||
| Cisco Catalyst C9300-24U | ||
| Cisco Catalyst 9300-24UX | ||
| Cisco Catalyst C9300-48P | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst 9300-48U | ||
| Cisco Catalyst C9300 Series | ||
| Cisco Catalyst C9300-48UXM | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst C9300L-24P-4X | ||
| Cisco Catalyst 9300L-24T-4G | ||
| Cisco Catalyst 9300 | ||
| Cisco Catalyst C9300L-48P-4G | ||
| Cisco Catalyst 9300 Series Switches | ||
| Cisco Catalyst C9300 | ||
| Cisco Catalyst C9300L-48T-4X | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst C9500-24Y4C | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst C9500-32QC | ||
| Cisco Catalyst C9500-40x | ||
| Cisco Catalyst C9500-48Y4C | ||
| Cisco Catalyst 3650 Series Switches | ||
| Cisco Catalyst 3650-12X48UR | ||
| Cisco Catalyst 3650 Series Switch | ||
| Cisco Catalyst 3650 Series Switch | ||
| Cisco Catalyst 3650 24 Port PoE Switch (WS-C3650-24PD) | ||
| Cisco Catalyst 3650-24PS | ||
| Cisco Catalyst 3650-24TD Switch | ||
| Cisco Catalyst 3650-24TS | ||
| Cisco Catalyst 3650 Series Switch | ||
| Cisco Catalyst 3650-48FQ Switch | ||
| Cisco Catalyst 3650-48FQM Switch | ||
| Cisco Catalyst 3650 Series Switch WS-C3650-48FS | ||
| Cisco Catalyst 3650-48PD | ||
| Cisco Catalyst 3650 Series Switches | ||
| Cisco Catalyst 3650-48PS | ||
| Cisco Catalyst 3650 Series Switches | ||
| Cisco Catalyst 3650 48TQ | ||
| Cisco Catalyst 3650-48TS Switch | ||
| Cisco Catalyst 3650-8X24UQ | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 Series Switches | ||
| Cisco Catalyst 3850 Series Switch | ||
| Cisco Catalyst 3850 Switch (model WS-C3850-12XS) | ||
| Cisco Catalyst 3850 Series Switch | ||
| Cisco Catalyst 3850 Series Switches | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 Series Switch | ||
| Cisco Catalyst 3850 Switch | ||
| Cisco Catalyst 3850-24XU | ||
| Cisco Catalyst 3850 48F Switch | ||
| Cisco Catalyst 3850 48 Port PoE Switch | ||
| Cisco Catalyst 3850 Series Switches | ||
| Cisco Catalyst 3850-48U | ||
| Cisco Catalyst 3850 Series Switches |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-3475?
CVE-2020-3475 is rated as a high-severity vulnerability.
How do I fix CVE-2020-3475?
To fix CVE-2020-3475, you should upgrade your Cisco IOS XE software to the latest version.
What type of access does CVE-2020-3475 allow to an attacker?
CVE-2020-3475 allows an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data.
Can CVE-2020-3475 cause denial of service?
Yes, CVE-2020-3475 can cause the web management software to hang or crash, resulting in a denial of service.
Which Cisco products are affected by CVE-2020-3475?
CVE-2020-3475 affects multiple models of Cisco IOS XE Software, including the Cisco Catalyst and ASR series.
- agent/type
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios
- canonical/cisco 1100 series integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109 integrated services router
- canonical/cisco 111x integrated services router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco asr 1001
- canonical/cisco asr 1001-x
- canonical/cisco asr 1002 fixed router
- canonical/cisco asr 1002-x
- canonical/cisco asr 1004
- canonical/cisco asr 1006
- canonical/cisco asr 1006-x
- canonical/cisco asr 1009-x
- canonical/cisco asr 1013
- canonical/cisco catalyst 9800-40
- canonical/cisco catalyst 9800-80
- canonical/cisco catalyst 9800-cl
- canonical/cisco catalyst 9800-l
- canonical/cisco catalyst c9200
- canonical/cisco catalyst 9200 series
- canonical/cisco catalyst c9200-48p
- canonical/cisco catalyst c9200l-24p-4g
- canonical/cisco catalyst c9200l-24p-4x
- canonical/cisco catalyst c9200l-24pxg-2y
- canonical/cisco catalyst c9200l-24pxg-4x
- canonical/cisco catalyst c9200l-24t-4g
- canonical/cisco catalyst c9200l-24t-4x
- canonical/cisco catalyst c9200l-48p-4g
- canonical/cisco catalyst c9200l-48p-4x
- canonical/cisco catalyst c9200l-48pxg-2y
- canonical/cisco catalyst c9200l-48pxg-4x
- canonical/cisco catalyst c9200l-48t-4g
- canonical/cisco catalyst c9200l-48t-4x
- canonical/cisco catalyst c9300-24p
- canonical/cisco catalyst c9300
- canonical/cisco catalyst 9300-24t-a
- canonical/cisco catalyst c9300-24u
- canonical/cisco catalyst 9300-24ux
- canonical/cisco catalyst c9300-48p
- canonical/cisco catalyst 9300-48u
- canonical/cisco catalyst c9300 series
- canonical/cisco catalyst c9300-48uxm
- canonical/cisco catalyst c9300l-24p-4x
- canonical/cisco catalyst 9300l-24t-4g
- canonical/cisco catalyst 9300
- canonical/cisco catalyst c9300l-48p-4g
- canonical/cisco catalyst 9300 series switches
- canonical/cisco catalyst c9300l-48t-4x
- canonical/cisco catalyst 9500
- canonical/cisco catalyst c9500-24y4c
- canonical/cisco catalyst c9500-32qc
- canonical/cisco catalyst c9500-40x
- canonical/cisco catalyst c9500-48y4c
- canonical/cisco catalyst 3650 series switches
- canonical/cisco catalyst 3650-12x48ur
- canonical/cisco catalyst 3650 series switch
- canonical/cisco catalyst 3650 24 port poe switch (ws-c3650-24pd)
- canonical/cisco catalyst 3650-24ps
- canonical/cisco catalyst 3650-24td switch
- canonical/cisco catalyst 3650-24ts
- canonical/cisco catalyst 3650-48fq switch
- canonical/cisco catalyst 3650-48fqm switch
- canonical/cisco catalyst 3650 series switch ws-c3650-48fs
- canonical/cisco catalyst 3650-48pd
- canonical/cisco catalyst 3650-48ps
- canonical/cisco catalyst 3650 48tq
- canonical/cisco catalyst 3650-48ts switch
- canonical/cisco catalyst 3650-8x24uq
- canonical/cisco catalyst 3850
- canonical/cisco catalyst 3850 series switches
- canonical/cisco catalyst 3850 series switch
- canonical/cisco catalyst 3850 switch (model ws-c3850-12xs)
- canonical/cisco catalyst 3850 switch
- canonical/cisco catalyst 3850-24xu
- canonical/cisco catalyst 3850 48f switch
- canonical/cisco catalyst 3850 48 port poe switch
- canonical/cisco catalyst 3850-48u