Cisco IOS XE Software Privilege Escalation Vulnerabilities

By GIXnews

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM

This advisory is part of the September 24, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 25 Cisco Security Advisories that describe 34 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2020-3141,CVE-2020-3425

Source:: Cisco Security Advisories