What is CVE-2020-3400?

CVE-2020-3400 is a high-severity vulnerability in Cisco Ios Xe Software, classified under Missing Authorization. CVSS score: 8.8/10. Published 2020-09-24.

How severe is CVE-2020-3400?

High severity. CVSS v3 base score is 8.8 out of 10.

Auth bypass in Cisco Ios Xe Software

CVE-2020-3400

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI…

Vulnerability class: Broken Access Control

EPSS: 0.002 (41.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Ios Xe Software — versions n/a

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

20200924 Cisco IOS XE Software Web UI Authorization Bypass Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3400?: CVE-2020-3400 is a high-severity vulnerability in Cisco Ios Xe Software, classified under Missing Authorization. CVSS score: 8.8/10. Published 2020-09-24.
How severe is CVE-2020-3400?: High severity. CVSS v3 base score is 8.8 out of 10.