CVE-2020-3210 - OpenCVE

Vendors	Products
Cisco	829 1120 Ios 809 1240

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE	Patch Vendor Advisory

{"containers": {"cna": {"affected": [{"product": "Cisco IOS 12.2(60)EZ16", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-06-03T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-03T17:40:54", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"}], "source": {"advisory": "cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE", "defect": [["CSCvq87451", "CSCvr18056"]], "discovery": "INTERNAL"}, "title": "Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-06-03T16:00:00", "ID": "CVE-2020-3210", "STATE": "PUBLIC", "TITLE": "Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS 12.2(60)EZ16", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-77"}]}]}, "references": {"reference_data": [{"name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"}]}, "source": {"advisory": "cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE", "defect": [["CSCvq87451", "CSCvr18056"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3210", "datePublished": "2020-06-03T00:00:00", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2020-06-03T17:40:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:12.2\\(60\\)ez16:*:*:*:*:*:*:*", "matchCriteriaId": "C2950C7F-EEB9-4956-937D-CD978AAC2E44", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.0\\(2\\)sg11a:*:*:*:*:*:*:*", "matchCriteriaId": "AAAC6B58-6FC4-459B-9663-4FDC6A6F8DE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*", "matchCriteriaId": "EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jpj:*:*:*:*:*:*:*", "matchCriteriaId": "2F69B4F2-4A03-4383-8958-11EE154A7350", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m:*:*:*:*:*:*:*", "matchCriteriaId": "EEFE8A85-7F63-4E4C-A3FE-7B7E27AD1DF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m0a:*:*:*:*:*:*:*", "matchCriteriaId": "0807458A-2453-4575-AE19-0DE15E04B88C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:1240:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CB47690-B2F6-49A8-BA77-3474E31C8694", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:809:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB84AD16-CC85-4D9A-8FF3-77EA5B3898B7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:829:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AB3C4D5-3410-4D26-9F7E-CA30F108BAAF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user."}, {"lang": "es", "value": "Una vulnerabilidad en los analizadores de la CLI de Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podr\u00eda permitir a un atacante local autenticado ejecutar comandos de shell arbitrarios en el Virtual Device Server (VDS) de un dispositivo afectado. El atacante debe tener credenciales de usuario v\u00e1lidas en el nivel de privilegio 15. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de los argumentos que se pasan a comandos espec\u00edficos de CLI relacionados con VDS. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en el dispositivo objetivo e incluyendo entradas maliciosas como argumento de un comando afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el contexto del shell de VDS de Linux con los privilegios del usuario root."}], "id": "CVE-2020-3210", "lastModified": "2020-06-10T16:40:06.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-03T18:15:19.073", "references": [{"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

JSON object

JSON object

JSON object