CVE-2020-3416

MEDIUM Year: 2020
CVSS v3 Score
6.7
Medium
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-749
View all →

Vulnerability Description

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.

Related Vulnerabilities

CVE-2020-3513

MEDIUM
CVSS:6.7(Medium)

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (...

CWE-7492020

CVE-2019-13945

MEDIUM
CVSS:6.8(Medium)

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU ...

CWE-7492019

CVE-2023-33921

MEDIUM
CVSS:6.8(Medium)

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login ...

CWE-7492023

CVE-2024-27261

MEDIUM
CVSS:6.8(Medium)

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the pa...

CWE-7492024

CVE-2019-20923

MEDIUM
CVSS:6.5(Medium)

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to ...

CWE-7492019

CVE-2019-4386

MEDIUM
CVSS:6.5(Medium)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.

CWE-7492019