Cisco IOS XE Software Privilege Escalation Vulnerability

By GIXnews

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device.

The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc1-OKMKFRhV

Security Impact Rating: Medium

CVE: CVE-2020-3215

Source:: Cisco Security Advisories