RCE in Cisco Catalyst_3650-12x48uq
CVE-2020-3207
A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.006 (44.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
References
- psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-3207?
- CVE-2020-3207 is a medium-severity vulnerability in Cisco Catalyst_3650-12x48uq, classified under Command Injection. CVSS score: 6.7/10. Published 2020-06-03.
- How severe is CVE-2020-3207?
- Medium severity. CVSS v3 base score is 6.7 out of 10.