Cisco IOS XE Software Vulnerability: Elevation of Privileges
CVE-2024-20278

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco iOS Xe Software
Vendor: CVE Published:; 27 March 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device.

This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root.

Affected Version(s)

Cisco IOS XE Software 17.6.1

Cisco IOS XE Software 17.6.2

Cisco IOS XE Software 17.6.1w

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 15, 2024
Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Nov 8, 2023