CVE-2020-3394

CVE Database · CVE-2020-3394

CVE-2020-3394

· HIGHModified

CVSS v3.1

7.8

EPSS

0.32%

Published

Aug 27, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-285CWE-862

Affected Products (65)

cisco · nx-osvulnerable

cisco · nexus_3016

cisco · nexus_3048

cisco · nexus_3064

cisco · nexus_3064-t

cisco · nexus_31108pc-v

cisco · nexus_31108tc-v

cisco · nexus_31128pq

cisco · nexus_3132c-z

cisco · nexus_3132q

cisco · nexus_3132q-v

cisco · nexus_3132q-xl

cisco · nexus_3164q

· nexus_3172

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3n9k-priv-escal-3QhXJBC

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3n9k-priv-escal-3QhXJBC

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs