Rewterz Threat Alert – URSNIF and GOZI Delivery via Excel Macro 4.0
June 4, 2020Rewterz Threat Advisory – CVE-2020-3205 – Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability
June 4, 2020Rewterz Threat Alert – URSNIF and GOZI Delivery via Excel Macro 4.0
June 4, 2020Rewterz Threat Advisory – CVE-2020-3205 – Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability
June 4, 2020Severity
High
Analysis Summary
The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device.
Impact
Privilege Escalation
Affected Vendors
Cisco
Affected Products
Cisco IOS XE Software releases 16.3.1 and later
Remediation
Refer to vendor’s advisory for the list of affected products and upgraded patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9