Permissions, Privileges, and Access Controls in Cisco Systems, Inc products - CVE-2020-3530

 

Permissions, Privileges, and Access Controls in Cisco Systems, Inc products - CVE-2020-3530

Published: September 3, 2020


Vulnerability identifier: #VU46252
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3530
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco IOS XR
Cisco ASR 9000 Series Aggregation Services Routers
Cisco Network Convergence System 5000 Series
Network Convergence System 5500 Series
Cisco Network Convergence System 1000 Series

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect mapping in the source code of task group assignments for a specific command. A local user can issue the command, which they should not be authorized to issue and gain elevated privileges on the target system.


How to mitigate CVE-2020-3530

Install updates from vendor's website.

Sources