CVE-2020-3216
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
03/06/2020
Last modified:
10/06/2020
Description
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.
Impact
Base Score 3.x
6.80
Severity 3.x
MEDIUM
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe_sd-wan:16.10.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe_sd-wan:16.10.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page