CVE-2020-3207

Published Jun 3, 2020
Last updated 3 months ago
CVSS medium 6.7
Overview

Description: A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges.
Source: ykramarz@cisco.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
CVSS 3.0

Type: Secondary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

ykramarz@cisco.com: CWE-77
nvd@nist.gov: CWE-78
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F29CEE37-4044-4A3C-9685-C9C021FD346A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DC5BB06-100F-42C9-8CEB-CC47FD26DDF3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5292764A-7D1C-4E04-86EF-809CB68EDD25"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1FDA817-3A50-4B9E-8F4E-F613BDB3E9EE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E16D266-108F-4F8A-998D-F1CA25F2EAAD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3h:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F84AE35F-D016-4B8F-8FE2-C2ACB200DFED"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41D55481-C80E-4400-9C3D-9F6B1F7F13CE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4BF9829-F80E-4837-A420-39B291C4E17B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB6BD18B-B9BD-452F-986E-16A6668E46B6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADED0D82-2A4D-4235-BFAC-5EE2D862B652"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "314C7763-A64D-4023-9F3F-9A821AE4151F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5820D71D-FC93-45AA-BC58-A26A1A39C936"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC1C85DD-69CC-4AA8-B219-651D57FC3506"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3650-12x48uq:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7434059A-25B8-4FAC-A756-6E571348B76E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3650-12x48ur:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "858FEECF-CC69-4E68-8E8A-674643021964"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3650-12x48uz:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "91B9F022-4C3D-493E-9418-E9CDDAFEC9B1"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3650-24pd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8904EAF5-25E7-4A6B-8117-1859F913B83B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3650-24pdm:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "59A990D6-B748-4AFD-B924-1D19680BD3DB"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3650-48fq:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "426B68A6-3A41-43DB-846F-AEFBA62E221B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3650-48fqm:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9C96215F-A300-4B4E-9D3A-C32E484BFC5B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3650-8x24uq:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "991CBDFB-6836-4D1F-80A9-14EBCE3F855F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3850-24xs:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "295C46B4-5E9F-4DD8-861B-00BA43923306"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3850-48xs:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8E9B149-AA2B-4421-8CC3-5A4B32B7AADF"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3850-nm-2-40g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "35490BDE-DF21-495E-9F8A-7631FCB32A1F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3850-nm-8-10g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "20EFB5B8-4A38-48C5-A363-3C7F7763C1D5"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200-24p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "18736C74-F68F-4D0B-AE2B-4BC1834EF794"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200-24t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D223C2AB-22A4-42B5-8BBB-78E2CBF23B40"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200-48p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BDD3EAA2-8F25-4099-B76F-5ACC3BE34610"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200-48t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE9BD57F-BDAC-46DD-AF87-8914B29670F2"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24p-4g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AFCEBFFC-DD60-4CB1-A7F2-9AC09977BA4F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24p-4x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B9F7B21F-1DAA-45C7-8C24-D3A19F1C5459"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24pxg-2y:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1C4F9918-E075-4F78-AFD7-0BB7FA97C1F6"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24pxg-4x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C7E00A0B-A58E-472F-B107-0FE106751F2D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24t-4g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BCB45406-5216-4A11-B8D3-C44639DC26B0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24t-4x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "215D01AE-3767-482A-85C5-3361506F0AC3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48p-4g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A06E37A8-166F-4534-9089-D20B1227F4DD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48p-4x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B9D6DAE3-BAD0-46D8-B899-45B955F532F7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48pxg-2y:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "327167E8-4B65-4F9D-8760-34CDA03887CA"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48pxg-4x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A0DA2253-C6A9-4749-B313-6552628A96F3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48t-4g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C925086A-94B9-4FE0-9FEB-3242C1217453"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48t-4x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6EB14B34-4035-41D2-834B-7FB069264207"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300-24p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F257D2BE-7618-4B6A-AFCE-6D9D0084FA1D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300-24s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8BA927CE-9D8E-4BC0-9EA6-641E7C4F71B3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300-24t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9A46D298-1685-410E-879C-2EBC45C185AC"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300-24u:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CA4ACF54-E576-4D8A-A4E6-17A37EEC53DA"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300-24ux:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "196A7C06-8371-479D-973D-591DEB181739"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300-48p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE42511E-9883-4779-A8E5-FC3E16EF2793"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300-48s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB06AD21-91A7-46B8-8F44-683828A5422D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300-48t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5DA169AF-3743-4051-B63B-FF6E1ADCD886"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300-48u:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7D13CF5B-4482-4C7D-8D6A-E220F3E4F868"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300-48un:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "92134C0A-4E5B-43EF-8439-484DF504C43C"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26ECF9BD-F632-4A02-8993-C0D44B91289C"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "48730DB5-94AF-4BE7-8047-52B8B47CE35A"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E3A88142-3284-4C25-8774-36004B5F9087"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8EB76311-4B6D-4897-A683-4244E92BD570"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CDDA2975-CDB7-4182-A03E-D34F15CDF6F1"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "35B9D0B5-4BE1-490E-9A68-00A3D357BC3D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "71FA2F5A-6146-4142-96A8-552118E4BB67"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BEF786D6-F28F-49D8-A15C-BFD0AA934355"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CA32B0AC-1B0A-4ED8-8532-9C7BE6E059D4"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9500-12q:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6BFEE45F-C5AC-483D-9DE6-4CEB98D80A0C"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9500-16x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FD6F5BBC-4627-4A3E-B827-3CEE7EE969D0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9500-24q:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8B2E41E2-00CE-42C4-8C91-9307D76F5D7A"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "98CB2D23-B5F8-4FA9-8431-3B0124CE2140"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9500-32c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E8A8BA9F-3361-43CD-8031-A5DF0AD68BEB"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9500-32qc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6DFE4BB6-FC9A-42B3-B8A0-2610D71BB9B8"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9500-40x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "53D13F1D-345D-45D5-9000-DAFE8A85D71B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8CFB064E-E390-47B5-AA76-5D3D2E368055"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
