Cisco Routed PON Controller Software Vulnerabilities Allow Command Injection and Root Access
CVE-2024-20483

7.2HIGH

Key Information:

Vendor: Cisco
Status: Cisco iOS Xr Software
Vendor: CVE Published:; 11 September 2024

Summary

The Cisco Routed PON Controller Software, executed within a Docker container leveraging Cisco IOS XR Software, is susceptible to multiple vulnerabilities that could be exploited by attackers with Administrator-level access on the PON Manager. Insufficient validation of arguments in specific configuration commands allows these vulnerabilities to be leveraged for command injection attacks. By supplying specially crafted inputs to affected command arguments, an attacker can execute arbitrary commands as root within the PON controller container. This can result in significant security risks, emphasizing the importance of proper security measures and consistent patch management.

Affected Version(s)

Cisco IOS XR Software 24.1.1

Cisco IOS XR Software 24.2.1

Cisco IOS XR Software 24.1.2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2024
Vulnerability Reserved
Nov 8, 2023