CVE-2020-3227

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios_xe:3.11.6e:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.4:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.5:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.5b:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.6:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.7:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.8:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.9:::::::*
	cpe:2.3:o:cisco:ios_xe:16.4.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.4.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.4.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.5.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.5.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.5.1b:::::::*
	cpe:2.3:o:cisco:ios_xe:16.5.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.5.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.4:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.4a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.4s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.5:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.5a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.5b:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.6:::::::*
	cpe:2.3:o:cisco:ios_xe:16.7.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.7.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.7.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.8.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.8.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.8.1b:::::::*
	cpe:2.3:o:cisco:ios_xe:16.8.1c:::::::*
	cpe:2.3:o:cisco:ios_xe:16.8.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.8.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.8.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.1b:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.1c:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.1d:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.2a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.2s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.3a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.3h:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.3s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.4:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.4c:::::::*
	cpe:2.3:o:cisco:ios_xe:16.10.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.10.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.10.1b:::::::*
	cpe:2.3:o:cisco:ios_xe:16.10.1e:::::::*
	cpe:2.3:o:cisco:ios_xe:16.10.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.10.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.10.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.1a:::::::*
cpe:2.3:o:cisco:ios_xe:16.11.1b:::::::*
cpe:2.3:o:cisco:ios_xe:16.11.1c:::::::*
cpe:2.3:o:cisco:ios_xe:16.11.1s:::::::*
cpe:2.3:o:cisco:ios_xe:16.12.1:::::::*
cpe:2.3:o:cisco:ios_xe:16.12.1a:::::::*
cpe:2.3:o:cisco:ios_xe:16.12.1c:::::::*

History

21 Nov 2024, 05:30

Type	Values Removed	Values Added
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9 - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9 - Vendor Advisory

Information

Published : 2020-06-03 18:15

Updated : 2024-11-21 05:30

NVD link : CVE-2020-3227

Mitre link : CVE-2020-3227

CVE.ORG link : CVE-2020-3227

JSON object : View

Products Affected

cisco

ios_xe

CWE

CWE-264

Permissions, Privileges, and Access Controls

CWE-863

Incorrect Authorization

{"id": "CVE-2020-3227", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-06-03T18:15:20.730", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-264"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad en los controles de autorizaci\u00f3n para la infraestructura de alojamiento de la aplicaci\u00f3n Cisco IOx en Cisco IOS XE Software, podr\u00eda permitir a un atacante remoto no autenticado ejecutar comandos de Cisco IOx API sin la autorizaci\u00f3n apropiada. La vulnerabilidad es debido al manejo incorrecto de las peticiones de tokens de autorizaci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad utilizando una llamada de la API dise\u00f1ada para solicitar dicho token. Una explotaci\u00f3n podr\u00eda permitir al atacante obtener un token de autorizaci\u00f3n y ejecutar cualquiera de los comandos de la API IOx sobre un dispositivo afectado."}], "lastModified": "2024-11-21T05:30:36.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:3.11.6e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B26F38B-B72E-4BB7-B9FB-18C8AF92E05A"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "296636F1-9242-429B-8472-90352C056106"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77993343-0394-413F-ABF9-C1215E9AD800"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "283971DD-DD58-4A76-AC2A-F316534ED416"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8F324A5-4830-482E-A684-AB3B6594CEAE"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8120196-8648-49D0-8262-CD4C9C90C37A"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33E7CCE2-C685-4019-9B55-B3BECB3E5F76"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0699DD6E-BA74-4814-93AB-300329C9D032"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2E2D781-2684-45F1-AC52-636572A0DCA8"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "479FB47B-AF2E-4FCB-8DE0-400BF325666C"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF2B4C78-5C31-4F3D-9639-305E15576E79"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C09F0A2-B21F-40ED-A6A8-9A29D6E1C6A8"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77E8AF15-AB46-4EAB-8872-8C55E8601599"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "957318BE-55D4-4585-AA52-C813301D01C3"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F11B703-8A0F-47ED-AA70-951FF78B94A4"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE7B2557-821D-4E05-B5C3-67192573D97D"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EE6EC32-51E4-43A3-BFB9-A0D842D08E87"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "187F699A-AF2F-42B0-B855-27413140C384"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E0B905E-4D92-4FD6-B2FF-41FF1F59A948"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62EDEC28-661E-42EF-88F0-F62D0220D2E5"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F821EBD7-91E2-4460-BFAF-18482CF6CB8C"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E36D2D24-8F63-46DE-AC5F-8DE33332EBC6"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9B825E6-5929-4890-BDBA-4CF4BD2314C9"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65020120-491D-46CD-8C73-974B6F4C11E6"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ADDCD0A-6168-45A0-A885-76CC70FE2FC7"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F35C623-6043-43A6-BBAA-478E185480CF"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D83E34F4-F4DD-49CC-9C95-93F9D4D26B42"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2833EAE-94C8-4279-A244-DDB6E2D15DC2"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.5b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B688E46-5BAD-4DEC-8B13-B184B141B169"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C8F50DB-3A80-4D89-9F7B-86766D37338B"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "623BF701-ADC9-4F24-93C5-043A6A7FEF5F"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FBD681F-7969-42BE-A47E-7C287755DCB5"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98255E6F-3056-487D-9157-403836EFB9D3"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57D4F634-03D5-4D9F-901C-7E9CE45F2F38"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4463A1D1-E169-4F0B-91B2-FA126BB444CB"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D97F69C3-CAA6-491C-A0B6-6DC12B5AB472"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDD58C58-1B0C-4A71-8C02-F555CEF9C253"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C9C585C-A6EC-4385-B915-046C110BF95F"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EC2EE60-4A07-4D92-B9BC-BF07CF4F2BE9"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47DBE4ED-1CD8-4134-9B33-17A91F44F17B"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "119A964D-ABC8-424D-8097-85B832A833BD"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0375BF9E-D04B-4E5B-9051-536806ECA44E"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2266E5A2-B3F6-4389-B8E2-42CB845EC7F9"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "012A6CF7-9104-4882-9C95-E6D4458AB778"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AF5214D-9257-498F-A3EB-C4EC18E2FEB2"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78DE7780-4E8B-4BB6-BDEB-58032EC65851"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F29CEE37-4044-4A3C-9685-C9C021FD346A"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DC5BB06-100F-42C9-8CEB-CC47FD26DDF3"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5292764A-7D1C-4E04-86EF-809CB68EDD25"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1FDA817-3A50-4B9E-8F4E-F613BDB3E9EE"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E16D266-108F-4F8A-998D-F1CA25F2EAAD"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3h:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F84AE35F-D016-4B8F-8FE2-C2ACB200DFED"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41D55481-C80E-4400-9C3D-9F6B1F7F13CE"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4BF9829-F80E-4837-A420-39B291C4E17B"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.4c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D07F9539-CFBE-46F7-9F5E-93A68169797D"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB6BD18B-B9BD-452F-986E-16A6668E46B6"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D136D2BC-FFB5-4912-A3B1-BD96148CB9A5"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A22256FE-431C-4AD9-9E7F-7EAC2D81B1B7"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADED0D82-2A4D-4235-BFAC-5EE2D862B652"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A443E93-6C4B-4F86-BA7C-7C2A929E795A"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ECEDD9D-6517-44BA-A95F-D1D5488C0E41"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "314C7763-A64D-4023-9F3F-9A821AE4151F"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5820D71D-FC93-45AA-BC58-A26A1A39C936"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC1C85DD-69CC-4AA8-B219-651D57FC3506"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD98C9E8-3EA6-4160-970D-37C389576516"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}

9.8 /10