VDB
CVE-2020-3516
CVE-2020-3516
PUBLISHED
CVSS 4.3 MEDIUM
Reported by cisco · Published September 24, 2020
A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vulnerability by entering unexpected characters during a valid authentication. A successful exploit could allow the attacker to crash the web server on the device, which must be manually recovered by disabling and re-enabling the web server.
Risk Scores
CVSS 3.0
4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco IOS XE Software | n/a |
| Cisco | Cisco IOS XE Software | n/a |
Timeline
- Sep 24, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- 20200924 Cisco IOS XE Software Web UI Improper Input Validation Vulnerability vendor-advisoryx_refsource_CISCO