CVE-2020-3454 - OpenCVE

A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. An attacker could exploit this vulnerability by modifying parameters within the Call Home configuration on an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying OS.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Mds 9000 Mds 9100 Mds 9134 Mds 9509 Mds 9710 Nexus 3016 Nexus 3048 Nexus 3064 Nexus 3064-t Nexus 31108pc-v Nexus 31108tc-v Nexus 31128pq Nexus 3132c-z Nexus 3132q Nexus 3132q-v Nexus 3132q-xl Nexus 3164q Nexus 3172 Nexus 3172pq-xl Nexus 3172tq Nexus 3172tq-32t Nexus 3172tq-xl Nexus 3232c Nexus 3264c-e Nexus 3264q Nexus 3408-s Nexus 34180yc Nexus 3432d-s Nexus 3464c Nexus 3524 Nexus 3524-x Nexus 3524-xl Nexus 3548 Nexus 3548-x Nexus 3548-xl Nexus 36180yc-r Nexus 3636c-r Nexus 5548p Nexus 5548up Nexus 5596t Nexus 5596up Nexus 56128p Nexus 5624q Nexus 5648q Nexus 5672up Nexus 5696q Nexus 6001 Nexus 6004 Nexus 7000 Nexus 7700 Nexus 9000v Nexus 92160yc-x Nexus 92300yc Nexus 92304qc Nexus 92348gc-x Nexus 9236c Nexus 9272q Nexus 93108tc-ex Nexus 93108tc-fx Nexus 93120tx Nexus 93128tx Nexus 93180lc-ex Nexus 93180yc-ex Nexus 93180yc-fx Nexus 93216tc-fx2 Nexus 93240yc-fx2 Nexus 9332c Nexus 9332pq Nexus 93360yc-fx2 Nexus 9336c-fx2 Nexus 9336pq Aci Spine Nexus 9348gc-fxp Nexus 9364c Nexus 9372px Nexus 9372px-e Nexus 9372tx Nexus 9372tx-e Nexus 9396px Nexus 9396tx Nexus 9504 Nexus 9508 Nexus 9516 Nx-os

Configuration 1 [-]

AND

OR	cpe:2.3:h:cisco:mds_9000:-:::::::*
	cpe:2.3:h:cisco:mds_9100:-:::::::*
	cpe:2.3:h:cisco:mds_9134:-:::::::*
	cpe:2.3:h:cisco:mds_9509:-:::::::*
	cpe:2.3:h:cisco:mds_9710:-:::::::*
	cpe:2.3:h:cisco:nexus_3016:-:::::::*
	cpe:2.3:h:cisco:nexus_3048:-:::::::*
	cpe:2.3:h:cisco:nexus_3064:-:::::::*
	cpe:2.3:h:cisco:nexus_3064-t:-:::::::*
	cpe:2.3:h:cisco:nexus_31108pc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31108tc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31128pq:-:::::::*
	cpe:2.3:h:cisco:nexus_3132c-z:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-v:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3164q:-:::::::*
	cpe:2.3:h:cisco:nexus_3172:-:::::::*
	cpe:2.3:h:cisco:nexus_3172pq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq-32t:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3232c:-:::::::*
	cpe:2.3:h:cisco:nexus_3264c-e:-:::::::*
	cpe:2.3:h:cisco:nexus_3264q:-:::::::*
	cpe:2.3:h:cisco:nexus_3408-s:-:::::::*
	cpe:2.3:h:cisco:nexus_34180yc:-:::::::*
	cpe:2.3:h:cisco:nexus_3432d-s:-:::::::*
	cpe:2.3:h:cisco:nexus_3464c:-:::::::*
	cpe:2.3:h:cisco:nexus_3524:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3548:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_36180yc-r:-:::::::*
	cpe:2.3:h:cisco:nexus_3636c-r:-:::::::*
	cpe:2.3:h:cisco:nexus_5548p:-:::::::*
	cpe:2.3:h:cisco:nexus_5548up:-:::::::*
	cpe:2.3:h:cisco:nexus_5596t:-:::::::*
	cpe:2.3:h:cisco:nexus_5596up:-:::::::*
	cpe:2.3:h:cisco:nexus_56128p:-:::::::*
	cpe:2.3:h:cisco:nexus_5624q:-:::::::*
	cpe:2.3:h:cisco:nexus_5648q:-:::::::*
	cpe:2.3:h:cisco:nexus_5672up:-:::::::*
	cpe:2.3:h:cisco:nexus_5696q:-:::::::*
	cpe:2.3:h:cisco:nexus_6001:-:::::::*
	cpe:2.3:h:cisco:nexus_6004:-:::::::*
	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7700:-:::::::*
	cpe:2.3:h:cisco:nexus_9000v:-:::::::*
	cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_92300yc:-:::::::*
	cpe:2.3:h:cisco:nexus_92304qc:-:::::::*
	cpe:2.3:h:cisco:nexus_92348gc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_9236c:-:::::::*
	cpe:2.3:h:cisco:nexus_9272q:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_93120tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93128tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93180lc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-fx:-:::::::*
cpe:2.3:h:cisco:nexus_93216tc-fx2:-:::::::*
cpe:2.3:h:cisco:nexus_93240yc-fx2:-:::::::*
cpe:2.3:h:cisco:nexus_9332c:-:::::::*
cpe:2.3:h:cisco:nexus_9332pq:-:::::::*
cpe:2.3:h:cisco:nexus_93360yc-fx2:-:::::::*
cpe:2.3:h:cisco:nexus_9336c-fx2:-:::::::*
cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:::::::*
cpe:2.3:h:cisco:nexus_9348gc-fxp:-:::::::*
cpe:2.3:h:cisco:nexus_9364c:-:::::::*
cpe:2.3:h:cisco:nexus_9372px:-:::::::*
cpe:2.3:h:cisco:nexus_9372px-e:-:::::::*
cpe:2.3:h:cisco:nexus_9372tx:-:::::::*
cpe:2.3:h:cisco:nexus_9372tx-e:-:::::::*
cpe:2.3:h:cisco:nexus_9396px:-:::::::*
cpe:2.3:h:cisco:nexus_9396tx:-:::::::*
cpe:2.3:h:cisco:nexus_9504:-:::::::*
cpe:2.3:h:cisco:nexus_9508:-:::::::*
cpe:2.3:h:cisco:nexus_9516:-:::::::*

cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-callhome-cmdinj-zkxzSCY

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-08-27T15:40:17.920177Z

Updated: 2024-09-16T23:40:34.268Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3454

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-27T16:15:12.410

Modified: 2020-09-04T01:19:32.693

Link: CVE-2020-3454

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object