1. Home
  2. CVE Database
  3. CVE-2020-3394
HIGH · 7.8

CVE-2020-3394

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the...

Vulnerability Description

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoNx-Os-
CiscoNexus 3016-
CiscoNexus 3048-
CiscoNexus 3064-
CiscoNexus 3064-T-
CiscoNexus 31108Pc-V-
CiscoNexus 31108Tc-V-
CiscoNexus 31128Pq-
CiscoNexus 3132C-Z-
CiscoNexus 3132Q-
CiscoNexus 3132Q-V-
CiscoNexus 3132Q-Xl-
CiscoNexus 3164Q-
CiscoNexus 3172-
CiscoNexus 3172Pq-Xl-
CiscoNexus 3172Tq-
CiscoNexus 3172Tq-32T-
CiscoNexus 3172Tq-Xl-
CiscoNexus 3232C-
CiscoNexus 3264C-E-

Related Weaknesses (CWE)

CWE-285CWE-862

References

FAQ

What is CVE-2020-3394?

CVE-2020-3394 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the...

How severe is CVE-2020-3394?

CVE-2020-3394 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3394?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 3016, Cisco Nexus 3048, Cisco Nexus 3064, Cisco Nexus 3064-T.