CVE-2020-3394 HIGH

CVE-2020-3394: Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability

Vendor: Cisco
Product: Cisco NX-OS Software
Weakness: CWE-285
Published: August 27, 2020
Last update: November 13, 2024

CVSS base score

7.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default.

Key dates

02 Disclosure timeline

August 27, 2020: CVE published
November 13, 2024: Record updated
