VDB
CVE-2020-3141
CVE-2020-3141
PUBLISHED
CVSS 8.800000190734863 HIGH
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
EPSS 0.98% · 77.2th percentile
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.98%
77.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ios_xe | 16.9.4, 17.2.1, 17.4.1 |
| Cisco | Cisco IOS XE Software 16.1.1 | * |
Exploit Intelligence
Timeline
- Sep 24, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-auth-bypass-6j2BYUc7 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rommon-secboot-7JgVLVYC advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xbace-OnCEbyS advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-3141 advisory