Cisco IOS XR Software Vulnerability Allows Elevation of Privileges
CVE-2024-20398

7.8 HIGH

Key Information:

Vendor: Cisco
CVE Published: 11 September 2024

Summary

A vulnerability exists in the Command Line Interface (CLI) of Cisco IOS XR Software that enables an authenticated, local attacker to gain read/write file system access on the underlying operating system of the affected device. This issue stems from inadequate validation of user arguments associated with specific CLI commands. An attacker possessing a low-privileged account can exploit this vulnerability by executing specially crafted commands in the CLI prompt. Successful exploitation can permit the attacker to elevate their privileges to that of the root user, thereby compromising the integrity and security of the device.

Affected Version(s)

Cisco IOS XR Software 6.5.3

Cisco IOS XR Software 6.5.29

Cisco IOS XR Software 6.5.1

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
