BDU:2020-03028

Published: 03 Jun 2020
Source: fstec
CVSS3: 6.7
CVSS2: 6.8
EPSS: Low

Description

A vulnerability in the Tcl (Tool Command Language) script interpreter of the Cisco IOS and Cisco IOS XE operating systems is caused by insufficient validation of input data. Exploitation of the vulnerability could allow an attacker to execute arbitrary code with root privileges in the underlying operating system.

Vendor

Cisco Systems Inc.

Software name

Cisco IOS
Cisco IOS XE

Software version

15.3s (Cisco IOS)
16.1 (Cisco IOS XE)
16.2 (Cisco IOS XE)
3.9S (Cisco IOS XE)
3.2SE (Cisco IOS XE)
3.3XO (Cisco IOS XE)
16.3 (Cisco IOS XE)
3.7E (Cisco IOS XE)
3.8E (Cisco IOS XE)
3.9E (Cisco IOS XE)
3.10S (Cisco IOS XE)
3.15S (Cisco IOS XE)
3.16S (Cisco IOS XE)
3.17S (Cisco IOS XE)
3.2SG (Cisco IOS XE)
16.4 (Cisco IOS XE)
16.5 (Cisco IOS XE)
16.6 (Cisco IOS XE)
16.7 (Cisco IOS XE)
16.8 (Cisco IOS XE)
16.9 (Cisco IOS XE)
16.10 (Cisco IOS XE)
16.11 (Cisco IOS XE)
3.7S (Cisco IOS XE)
3.3SG (Cisco IOS XE)
3.8S (Cisco IOS XE)
3.4SG (Cisco IOS XE)
3.5E (Cisco IOS XE)
3.11S (Cisco IOS XE)
3.12S (Cisco IOS XE)
3.13S (Cisco IOS XE)
3.6E (Cisco IOS XE)
3.14S (Cisco IOS XE)
3.3SQ (Cisco IOS XE)
3.4SQ (Cisco IOS XE)
3.5SQ (Cisco IOS XE)
3.18S (Cisco IOS XE)
3.18SP (Cisco IOS XE)
3.10E (Cisco IOS XE)
12.2ZI (Cisco IOS)
12.2EZ (Cisco IOS)
12.4MD (Cisco IOS)
12.2SXI (Cisco IOS)
12.2SRE (Cisco IOS)
15.0S (Cisco IOS)
15.2S (Cisco IOS)
15.0EY (Cisco IOS)
15.1S (Cisco IOS)
15.0SY (Cisco IOS)
12.2SXJ (Cisco IOS)
15.0SG (Cisco IOS)
15.0EX (Cisco IOS)
15.1SY (Cisco IOS)
15.4S (Cisco IOS)
15.2SC (Cisco IOS)
15.2SY (Cisco IOS)
15.2JAZ (Cisco IOS)
15.5S (Cisco IOS)
15.3JAA (Cisco IOS)
15.3SY (Cisco IOS)
15.6SP (Cisco IOS)
15.4SY (Cisco IOS)
15.7M (Cisco IOS)
15.8M (Cisco IOS)
15.0XA (Cisco IOS)
15.1T (Cisco IOS)
15.1XB (Cisco IOS)
15.3T (Cisco IOS)
15.1M (Cisco IOS)
15.1GC (Cisco IOS)
15.0MR (Cisco IOS)
15.2M (Cisco IOS)
15.2GC (Cisco IOS)
15.4T (Cisco IOS)
15.1MRA (Cisco IOS)
15.3M (Cisco IOS)
15.4M (Cisco IOS)
15.3XB (Cisco IOS)
15.4CG (Cisco IOS)
15.5T (Cisco IOS)
15.4SN (Cisco IOS)
15.5M (Cisco IOS)
15.6S (Cisco IOS)
15.6T (Cisco IOS)
15.5XB (Cisco IOS)
15.6SN (Cisco IOS)
15.6M (Cisco IOS)
15.1SG (Cisco IOS)
15.2E (Cisco IOS)
16.12 (Cisco IOS XE)
12.2SE (Cisco IOS)
12.2EX (Cisco IOS)
12.2EY (Cisco IOS)
12.4MR (Cisco IOS)
12.4T (Cisco IOS)
12.2SG (Cisco IOS)
12.4XZ (Cisco IOS)
12.4XR (Cisco IOS)
12.2XO (Cisco IOS)
12.2SQ (Cisco IOS)
12.4MDA (Cisco IOS)
12.4YG (Cisco IOS)
15.0M (Cisco IOS)
15.0XO (Cisco IOS)
12.4MRB (Cisco IOS)
12.2WO (Cisco IOS)
15.0SE (Cisco IOS)
12.4MDB (Cisco IOS)
15.0EZ (Cisco IOS)
12.4YS (Cisco IOS)
15.2EY (Cisco IOS)
15.0EJ (Cisco IOS)
15.2EX (Cisco IOS)
15.0EK (Cisco IOS)
15.2EB (Cisco IOS)
15.2EA (Cisco IOS)
15.0SQD (Cisco IOS)
15.2EC (Cisco IOS)
12.2I (Cisco IOS)
15.9M (Cisco IOS)
15.3JPI (Cisco IOS)
15.1SVS (Cisco IOS)
3.11E (Cisco IOS XE)

Software type

Operating system

Operating systems and hardware platforms

Cisco Systems Inc. Cisco IOS 15.3s
Cisco Systems Inc. Cisco IOS XE 16.1
Cisco Systems Inc. Cisco IOS XE 16.2
Cisco Systems Inc. Cisco IOS XE 3.9S
Cisco Systems Inc. Cisco IOS XE 3.2SE
Cisco Systems Inc. Cisco IOS XE 3.3XO
Cisco Systems Inc. Cisco IOS XE 16.3
Cisco Systems Inc. Cisco IOS XE 3.7E
Cisco Systems Inc. Cisco IOS XE 3.8E
Cisco Systems Inc. Cisco IOS XE 3.9E
Cisco Systems Inc. Cisco IOS XE 3.10S
Cisco Systems Inc. Cisco IOS XE 3.15S
Cisco Systems Inc. Cisco IOS XE 3.16S
Cisco Systems Inc. Cisco IOS XE 3.17S
Cisco Systems Inc. Cisco IOS XE 3.2SG
Cisco Systems Inc. Cisco IOS XE 16.4
Cisco Systems Inc. Cisco IOS XE 16.5
Cisco Systems Inc. Cisco IOS XE 16.6
Cisco Systems Inc. Cisco IOS XE 16.7
Cisco Systems Inc. Cisco IOS XE 16.8
Cisco Systems Inc. Cisco IOS XE 16.9
Cisco Systems Inc. Cisco IOS XE 16.10
Cisco Systems Inc. Cisco IOS XE 16.11
Cisco Systems Inc. Cisco IOS XE 3.7S
Cisco Systems Inc. Cisco IOS XE 3.3SG
Cisco Systems Inc. Cisco IOS XE 3.8S
Cisco Systems Inc. Cisco IOS XE 3.4SG
Cisco Systems Inc. Cisco IOS XE 3.5E
Cisco Systems Inc. Cisco IOS XE 3.11S
Cisco Systems Inc. Cisco IOS XE 3.12S
Cisco Systems Inc. Cisco IOS XE 3.13S
Cisco Systems Inc. Cisco IOS XE 3.6E
Cisco Systems Inc. Cisco IOS XE 3.14S
Cisco Systems Inc. Cisco IOS XE 3.3SQ
Cisco Systems Inc. Cisco IOS XE 3.4SQ
Cisco Systems Inc. Cisco IOS XE 3.5SQ
Cisco Systems Inc. Cisco IOS XE 3.18S
Cisco Systems Inc. Cisco IOS XE 3.18SP
Cisco Systems Inc. Cisco IOS XE 3.10E
Cisco Systems Inc. Cisco IOS 12.2ZI
Cisco Systems Inc. Cisco IOS 12.2EZ
Cisco Systems Inc. Cisco IOS 12.4MD
Cisco Systems Inc. Cisco IOS 12.2SXI
Cisco Systems Inc. Cisco IOS 12.2SRE
Cisco Systems Inc. Cisco IOS 15.0S
Cisco Systems Inc. Cisco IOS 15.2S
Cisco Systems Inc. Cisco IOS 15.0EY
Cisco Systems Inc. Cisco IOS 15.1S
Cisco Systems Inc. Cisco IOS 15.0SY
Cisco Systems Inc. Cisco IOS 12.2SXJ
Cisco Systems Inc. Cisco IOS 15.0SG
Cisco Systems Inc. Cisco IOS 15.0EX
Cisco Systems Inc. Cisco IOS 15.1SY
Cisco Systems Inc. Cisco IOS 15.4S
Cisco Systems Inc. Cisco IOS 15.2SC
Cisco Systems Inc. Cisco IOS 15.2SY
Cisco Systems Inc. Cisco IOS 15.2JAZ
Cisco Systems Inc. Cisco IOS 15.5S
Cisco Systems Inc. Cisco IOS 15.3JAA
Cisco Systems Inc. Cisco IOS 15.3SY
Cisco Systems Inc. Cisco IOS 15.6SP
Cisco Systems Inc. Cisco IOS 15.4SY
Cisco Systems Inc. Cisco IOS 15.7M
Cisco Systems Inc. Cisco IOS 15.8M
Cisco Systems Inc. Cisco IOS 15.0XA
Cisco Systems Inc. Cisco IOS 15.1T
Cisco Systems Inc. Cisco IOS 15.1XB
Cisco Systems Inc. Cisco IOS 15.3T
Cisco Systems Inc. Cisco IOS 15.1M
Cisco Systems Inc. Cisco IOS 15.1GC
Cisco Systems Inc. Cisco IOS 15.0MR
Cisco Systems Inc. Cisco IOS 15.2M
Cisco Systems Inc. Cisco IOS 15.2GC
Cisco Systems Inc. Cisco IOS 15.4T
Cisco Systems Inc. Cisco IOS 15.1MRA
Cisco Systems Inc. Cisco IOS 15.3M
Cisco Systems Inc. Cisco IOS 15.4M
Cisco Systems Inc. Cisco IOS 15.3XB
Cisco Systems Inc. Cisco IOS 15.4CG
Cisco Systems Inc. Cisco IOS 15.5T
Cisco Systems Inc. Cisco IOS 15.4SN
Cisco Systems Inc. Cisco IOS 15.5M
Cisco Systems Inc. Cisco IOS 15.6S
Cisco Systems Inc. Cisco IOS 15.6T
Cisco Systems Inc. Cisco IOS 15.5XB
Cisco Systems Inc. Cisco IOS 15.6SN
Cisco Systems Inc. Cisco IOS 15.6M
Cisco Systems Inc. Cisco IOS 15.1SG
Cisco Systems Inc. Cisco IOS 15.2E
Cisco Systems Inc. Cisco IOS XE 16.12
Cisco Systems Inc. Cisco IOS 12.2SE
Cisco Systems Inc. Cisco IOS 12.2EX
Cisco Systems Inc. Cisco IOS 12.2EY
Cisco Systems Inc. Cisco IOS 12.4MR
Cisco Systems Inc. Cisco IOS 12.4T
Cisco Systems Inc. Cisco IOS 12.2SG
Cisco Systems Inc. Cisco IOS 12.4XZ
Cisco Systems Inc. Cisco IOS 12.4XR
Cisco Systems Inc. Cisco IOS 12.2XO
Cisco Systems Inc. Cisco IOS 12.2SQ
Cisco Systems Inc. Cisco IOS 12.4MDA
Cisco Systems Inc. Cisco IOS 12.4YG
Cisco Systems Inc. Cisco IOS 15.0M
Cisco Systems Inc. Cisco IOS 15.0XO
Cisco Systems Inc. Cisco IOS 12.4MRB
Cisco Systems Inc. Cisco IOS 12.2WO
Cisco Systems Inc. Cisco IOS 15.0SE
Cisco Systems Inc. Cisco IOS 12.4MDB
Cisco Systems Inc. Cisco IOS 15.0EZ
Cisco Systems Inc. Cisco IOS 12.4YS
Cisco Systems Inc. Cisco IOS 15.2EY
Cisco Systems Inc. Cisco IOS 15.0EJ
Cisco Systems Inc. Cisco IOS 15.2EX
Cisco Systems Inc. Cisco IOS 15.0EK
Cisco Systems Inc. Cisco IOS 15.2EB
Cisco Systems Inc. Cisco IOS 15.2EA
Cisco Systems Inc. Cisco IOS 15.0SQD
Cisco Systems Inc. Cisco IOS 15.2EC
Cisco Systems Inc. Cisco IOS 12.2I
Cisco Systems Inc. Cisco IOS 15.9M
Cisco Systems Inc. Cisco IOS 15.3JPI
Cisco Systems Inc. Cisco IOS 15.1SVS
Cisco Systems Inc. Cisco IOS XE 3.11E

Vulnerability severity level

Medium severity (CVSS 2.0 base score is 6.8)
Medium severity (CVSS 3.0 base score is 6.7)

Possible remediation measures

Follow the recommendations:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tcl-ace-C9KuVKmm

Vulnerability status

Confirmed by the vendor

Exploit availability

Being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 20%
0.00063
Low

CVSS3: 6.7 Medium

CVSS2: 6.8 Medium

Related vulnerabilities

CVSS3: 6.7
nvd
more than 5 years ago

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device.

CVSS3: 6.7
github
more than 3 years ago

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device.
