CVE-2020-3474 - OpenCVE

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	1100 Integrated Services Router 1101 Integrated Services Router 1109 Integrated Services Router 1111x Integrated Services Router 111x Integrated Services Router 1120 Integrated Services Router 1160 Integrated Services Router Asr 1001-hx Asr 1001-x Asr 1002-hx Asr 1002-x Asr 1004 Asr 1006 Asr 1006-x Asr 1009-x Asr 1013 Catalyst 9800-40 Catalyst 9800-80 Catalyst 9800-cl Catalyst 9800-l Catalyst 9800-l-c Catalyst 9800-l-f Catalyst C9200-24p Catalyst C9200-24t Catalyst C9200-48p Catalyst C9200-48t Catalyst C9200l-24p-4g Catalyst C9200l-24p-4x Catalyst C9200l-24pxg-2y Catalyst C9200l-24pxg-4x Catalyst C9200l-24t-4g Catalyst C9200l-24t-4x Catalyst C9200l-48p-4g Catalyst C9200l-48p-4x Catalyst C9200l-48pxg-2y Catalyst C9200l-48pxg-4x Catalyst C9200l-48t-4g Catalyst C9200l-48t-4x Catalyst C9300-24p Catalyst C9300-24s Catalyst C9300-24t Catalyst C9300-24u Catalyst C9300-24ux Catalyst C9300-48p Catalyst C9300-48s Catalyst C9300-48t Catalyst C9300-48u Catalyst C9300-48un Catalyst C9300-48uxm Catalyst C9300l-24p-4g Catalyst C9300l-24p-4x Catalyst C9300l-24t-4g Catalyst C9300l-24t-4x Catalyst C9300l-48p-4g Catalyst C9300l-48p-4x Catalyst C9300l-48t-4g Catalyst C9300l-48t-4x Catalyst C9500-12q Catalyst C9500-16x Catalyst C9500-24q Catalyst C9500-24y4c Catalyst C9500-32c Catalyst C9500-32qc Catalyst C9500-40x Catalyst C9500-48y4c Ios Xe Ws-c3650-12x48uq Ws-c3650-12x48ur Ws-c3650-12x48uz Ws-c3650-24pd Ws-c3650-24pdm Ws-c3650-24ps Ws-c3650-24td Ws-c3650-24ts Ws-c3650-48fd Ws-c3650-48fq Ws-c3650-48fqm Ws-c3650-48fs Ws-c3650-48pd Ws-c3650-48pq Ws-c3650-48ps Ws-c3650-48td Ws-c3650-48tq Ws-c3650-48ts Ws-c3650-8x24uq Ws-c3850 Ws-c3850-12s Ws-c3850-12x48u Ws-c3850-12xs Ws-c3850-24p Ws-c3850-24s Ws-c3850-24t Ws-c3850-24u Ws-c3850-24xs Ws-c3850-24xu Ws-c3850-48f Ws-c3850-48p Ws-c3850-48t Ws-c3850-48u Ws-c3850-48xs

Configuration 1 [-]

AND

cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:asr_1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1006-x:-:::::::*
	cpe:2.3:h:cisco:asr_1009-x:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24ux:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48un:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-12q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-16x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32qc:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-40x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48uq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48ur:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48uz:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24pd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24pdm:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24ps:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24td:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24ts:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fqm:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fs:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48pd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48pq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48ps:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48td:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48tq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48ts:-:::::::*
cpe:2.3:h:cisco:ws-c3650-8x24uq:-:::::::*
cpe:2.3:h:cisco:ws-c3850:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12s:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12x48u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12xs:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24p:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24s:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24t:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24xs:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24xu:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48f:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48p:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48t:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48xs:-:::::::*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-webui-multi-vfTkk7yr

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-09-24T17:53:03.262788Z

Updated: 2024-09-16T21:03:36.223Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3474

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-09-24T18:15:19.637

Modified: 2023-11-07T03:22:46.407

Link: CVE-2020-3474

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object