CVE-2020-3208

A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ciscoCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
ciscoios
12.2\(60\)ez16
ciscoios
15.0\(2\)sg11a
ciscoios
15.3\(3\)jaa1
ciscoios
15.3\(3\)jpj
ciscoios
15.5\(3\)m0a
ciscoios
15.5\(3\)m1
ciscoios
15.5\(3\)m2
ciscoios
15.5\(3\)m2a
ciscoios
15.5\(3\)m3
ciscoios
15.5\(3\)m4
ciscoios
15.5\(3\)m4a
ciscoios
15.5\(3\)m5
ciscoios
15.5\(3\)m6
ciscoios
15.5\(3\)m6a
ciscoios
15.5\(3\)m7
ciscoios
15.5\(3\)m8
ciscoios
15.5\(3\)m9
ciscoios
15.5\(3\)m10
ciscoios
15.5\(3\)m11
ciscoios
15.6\(1\)t
ciscoios
15.6\(1\)t0a
ciscoios
15.6\(1\)t1
ciscoios
15.6\(1\)t2
ciscoios
15.6\(1\)t3
ciscoios
15.6\(3\)m
ciscoios
15.6\(3\)m0a
ciscoios
15.6\(3\)m1
ciscoios
15.6\(3\)m1b
ciscoios
15.6\(3\)m2
ciscoios
15.6\(3\)m3
ciscoios
15.6\(3\)m3a
ciscoios
15.6\(3\)m4
ciscoios
15.6\(3\)m5
ciscoios
15.6\(3\)m6
ciscoios
15.6\(3\)m6a
ciscoios
15.6\(3\)m6b
ciscoios
15.6\(3\)m7
ciscoios
15.6\(3\)m8
ciscoios
15.6\(3\)m9
ciscoios
15.7\(3\)m
ciscoios
15.7\(3\)m1
ciscoios
15.7\(3\)m2
ciscoios
15.7\(3\)m3
ciscoios
15.7\(3\)m4
ciscoios
15.7\(3\)m4a
ciscoios
15.7\(3\)m4b
ciscoios
15.7\(3\)m5
ciscoios
15.7\(3\)m6
ciscoios
15.7\(3\)m7
ciscoios
15.8\(3\)m
ciscoios
15.8\(3\)m0a
ciscoios
15.8\(3\)m1
ciscoios
15.8\(3\)m2
ciscoios
15.8\(3\)m2a
ciscoios
15.8\(3\)m3
ciscoios
15.8\(3\)m4
ciscoios
15.8\(3\)m5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK