CVE-2020-3416 : Multiple vulnerabilities in the initialization routines that are executed during

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.

Published 2020-09-24 18:15:19

Updated 2020-10-07 17:19:00

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2020-3416

Cisco » Ios Xe » Version: 16.12.1
cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Asr 902 » Version: N/A
When used together with: Cisco » Asr 903 » Version: N/A
When used together with: Cisco » Asr 907 » Version: N/A
Cisco » Ios Xe » Version: 17.2
cpe:2.3:o:cisco:ios_xe:17.2:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Asr 902 » Version: N/A
When used together with: Cisco » Asr 903 » Version: N/A
When used together with: Cisco » Asr 907 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-3416

EPSS FAQ

0.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 39 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-3416

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.7	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	Cisco Systems, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-3416

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)
CWE-749 Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2020-3416

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c

Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-3416

Products affected by CVE-2020-3416

Exploit prediction scoring system (EPSS) score for CVE-2020-3416

CVSS scores for CVE-2020-3416

CWE ids for CVE-2020-3416

References for CVE-2020-3416