CVE-2020-3394

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default.

Severity	HIGH
CVSS	7.8
CWE	CWE-285
KEV
Published	5 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco Nexus Dashboard	cisco-sa-n3n9k-priv-escal-3QhXJBC
Cisco Firepower Extensible Operating System (FXOS)	cisco-sa-n3n9k-priv-escal-3QhXJBC
Cisco Catalyst PON Series Switches	cisco-sa-n3n9k-priv-escal-3QhXJBC
Cisco Application Centric Infrastructure Virtual Edge	cisco-sa-n3n9k-priv-escal-3QhXJBC
Cisco Nexus 9000 Series Switches	cisco-sa-n3n9k-priv-escal-3QhXJBC
Cisco Nexus 3000 Series Switches	cisco-sa-n3n9k-priv-escal-3QhXJBC
Cisco Nexus 3000 Series Switch	cisco-sa-n3n9k-priv-escal-3QhXJBC
Cisco NX-OS Software	cisco-sa-n3n9k-priv-escal-3QhXJBC