Published: 03/06/2020 Updated: 17/09/2021

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote malicious user to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an malicious user to execute arbitrary commands with administrative privileges on an affected device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios xe 16.1.1
cisco ios xe 16.1.2
cisco ios xe 16.1.3
cisco ios xe 16.2.1
cisco ios xe 16.2.2
cisco ios xe 16.3.1
cisco ios xe 16.3.1a
cisco ios xe 16.3.2
cisco ios xe 16.3.3
cisco ios xe 16.3.4
cisco ios xe 16.3.5
cisco ios xe 16.3.5b
cisco ios xe 16.3.6
cisco ios xe 16.3.7
cisco ios xe 16.3.8
cisco ios xe 16.3.9
cisco ios xe 16.3.10
cisco ios xe 16.4.1
cisco ios xe 16.4.2
cisco ios xe 16.4.3
cisco ios xe 16.5.1
cisco ios xe 16.5.1a
cisco ios xe 16.5.1b
cisco ios xe 16.5.2
cisco ios xe 16.5.3
cisco ios xe 16.6.1
cisco ios xe 16.6.2
cisco ios xe 16.6.3
cisco ios xe 16.6.4
cisco ios xe 16.6.4a
cisco ios xe 16.6.4s
cisco ios xe 16.6.5
cisco ios xe 16.6.5a
cisco ios xe 16.6.5b
cisco ios xe 16.6.6
cisco ios xe 16.6.7
cisco ios xe 16.6.7a
cisco ios xe 16.7.1
cisco ios xe 16.7.1a
cisco ios xe 16.7.1b
cisco ios xe 16.7.2
cisco ios xe 16.7.3
cisco ios xe 16.7.4
cisco ios xe 16.8.1
cisco ios xe 16.8.1a
cisco ios xe 16.8.1b
cisco ios xe 16.8.1c
cisco ios xe 16.8.1d
cisco ios xe 16.8.1e
cisco ios xe 16.8.1s
cisco ios xe 16.8.2
cisco ios xe 16.8.3
cisco ios xe 16.9.1
cisco ios xe 16.9.1a
cisco ios xe 16.9.1b
cisco ios xe 16.9.1c
cisco ios xe 16.9.1d
cisco ios xe 16.9.1s
cisco ios xe 16.9.2
cisco ios xe 16.9.2a
cisco ios xe 16.9.2s
cisco ios xe 16.9.3
cisco ios xe 16.9.3a
cisco ios xe 16.9.3h
cisco ios xe 16.9.3s
cisco ios xe 16.9.4
cisco ios xe 16.9.4c
cisco ios xe 16.10.1
cisco ios xe 16.10.1a
cisco ios xe 16.10.1b
cisco ios xe 16.10.1c
cisco ios xe 16.10.1d
cisco ios xe 16.10.1e
cisco ios xe 16.10.1f
cisco ios xe 16.10.1g
cisco ios xe 16.10.1s
cisco ios xe 16.10.2
cisco ios xe 16.10.3
cisco ios xe 16.11.1
cisco ios xe 16.11.1a
cisco ios xe 16.11.1b
cisco ios xe 16.11.1c
cisco ios xe 16.11.1s
cisco ios xe 16.11.2
cisco ios xe 16.12.1
cisco ios xe 16.12.1a
cisco ios xe 16.12.1c
cisco ios xe 16.12.1s
cisco ios xe 16.12.1t
cisco ios xe 16.12.1w
cisco ios xe 16.12.1x
cisco ios xe 16.12.1y

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device The vulnerability is due to insufficient validation of user-supplied input to the web UI An attacker could exploit thi ...

CWE-20 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj2-fOnjk2LD https://nvd.nist.gov https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-03 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj2-fOnjk2LD

CVE-2020-3219

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect