A vulnerability classified as critical was found in Cisco IOS XE (Router Operating System). The affected version is unknown.
This vulnerability affects an unknown code block of the CLI component. Manipulation with an unknown input leads to privilege escalation (OS Command Injection). The CWE definition for the vulnerability is CWE-78.
It is known to affect confidentiality, integrity, and availability.
The weakness was released on 09/24/2020 as confirmed advisory cisco-sa-iosxe-cmdinj-2MzhjM6K (Website). The advisory is available at tools.cisco.com.
This vulnerability has been named CVE-2020-3403 since 12/12/2019. Local access is required to carry out this attack. Exploitation requires a single authentication. The technical details are unknown and an exploit is not available.
Upgrading eliminates this vulnerability.
Other vulnerabilities were found, as listed below:
Cisco IOS XE Web UI privilege escalation CVE-2020-3400
Cisco IOS XE Control and Provisioning Crash denial of service CVE-2020-3399
Cisco IOS XE USB 3.0 SSD privilege escalation CVE-2020-3396
Cisco IOS XE Role-Based Access Control privilege escalation CVE-2020-3393
Cisco IOS XE SNMP Trap denial of service CVE-2020-3390
Cisco IOS XE mDNS denial of service CVE-2020-3359
Cisco IOS XE Web Management privilege escalation CVE-2020-3141