Cisco IOS XE Software Vulnerability: Elevation of Privileges

CVE-2024-20278

6.5MEDIUM

Key Information

Vendor: Cisco
Status: Cisco iOS Xe Software
Vendor: CVE Published:; 27 March 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root.

Affected Version(s)

Cisco IOS XE Software = 17.6.1

Cisco IOS XE Software = 17.6.2

Cisco IOS XE Software = 17.6.1w

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 15, 2024
Vulnerability published.
Mar 27, 2024
Vulnerability Reserved.
Nov 8, 2023

Collectors

NVD DatabaseMitre Database