ГлавнаяУязвимости → CVE-2024-20320
7.8высокая

CVE-2024-20320

Описание

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.

Затрагиваемое ПО
Cisco Ios xrCisco Ios xrd control planeCisco Ios xrd vrouterCisco 8011-4g24y4h-iCisco 8101-32fhCisco 8101-32fh-oCisco 8101-32h-oCisco 8102-28fh-dpu-oCisco 8102-64hCisco 8102-64h-oCisco 8111-32eh-oCisco 8122-64eh-oCisco 8122-64ehf-oCisco 8201Cisco 8201-24h8fhCisco 8201-32fhCisco 8201-32fh-oCisco 8202Cisco 8202-32fh-mCisco 8212-48fh-mCisco 8404Cisco 8501-sys-mtCisco 8608Cisco 8700Cisco 8711-32fh-m
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3