Unrated severity · NVD Advisory · Published Sep 24, 2020 · Updated Nov 13, 2024
Cisco IOS XE Software Command Injection Vulnerability
CVE-2020-3403
Description
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted.
Affected products (2)
- Range: n/a
References (1)
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cmdinj-2MzhjM6K (mitre, vendor-advisory, x_refsource_CISCO)