#VU46251 Permissions, Privileges, and Access Controls in Cisco Systems, Inc products - CVE-2020-3473

Vulnerability identifier: #VU46251

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-3473

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS XR
Cisco IOS XRv 9000 Router
Cisco 8000 Series Routers
Cisco Network Convergence System 540 Series Routers
Cisco Network Convergence System 560 Series Routers
Network Convergence System 5500 Series
Cisco Network Convergence System 6000 Series Routers
Cisco Network Convergence System 4000

Software vendor:
Cisco Systems, Inc

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect mapping of a command to task groups within the source code. A local user can bypass the task group–based checks and gain elevated privileges on the target system.

Install updates from vendor's website.

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN