#VU46252 Permissions, Privileges, and Access Controls in Cisco Systems, Inc products - CVE-2020-3530
Published: September 3, 2020
Vulnerability identifier: #VU46252
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3530
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XR
Cisco ASR 9000 Series Aggregation Services Routers
Cisco Network Convergence System 5000 Series
Network Convergence System 5500 Series
Cisco Network Convergence System 1000 Series
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect mapping in the source code of task group assignments for a specific command. A local user can issue the command, which they should not be authorized to issue, and gain elevated privileges on the target system.
Remediation
Install updates from the vendor's website.