A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-06-03T17:40:59.251400Z
Updated: 2024-09-17T00:42:19.662Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3211
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-06-03T18:15:19.167
Modified: 2020-06-10T15:26:58.803
Link: CVE-2020-3211
Redhat
No data.