Rewterz Threat Advisory – CVE-2020-3227 – Cisco IOx for IOS XE Software Privilege Escalation Vulnerability
June 4, 2020Rewterz Threat Advisory – ICS: ABB Multiple System 800xA Products
June 4, 2020Rewterz Threat Advisory – CVE-2020-3227 – Cisco IOx for IOS XE Software Privilege Escalation Vulnerability
June 4, 2020Rewterz Threat Advisory – ICS: ABB Multiple System 800xA Products
June 4, 2020Severity
High
Analysis Summary
The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise.
Impact
System compromise
Affected Vendors
Cisco
Affected Products
- Cisco 809 and 829 Industrial ISRs
- CGR1000
Remediation
Refer to vendor’s advisory for the list of affected products and upgraded patches.