Incorrect Privilege Assignment in Cisco Systems, Inc Hardware solutions

#VU87518 Incorrect Privilege Assignment in Cisco Systems, Inc Hardware solutions

Published: 2024-03-14

Vulnerability identifier: #VU87518

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20320

CWE-ID: CWE-266

Exploitation vector: Local

Exploit availability: No

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of arguments that are included with the SSH client CLI command. A local user can elevate privileges to root on the target device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco IOS XR: 7.3.2 - 7.10

IOS XRd Control Plane: All versions

IOS XRd vRouter: All versions

Cisco 8000 Series Routers: All versions

Cisco 8201 Router: All versions

Cisco 8202 Router: All versions

Cisco 8808 Router: All versions

Cisco 8812 Router: All versions

Cisco 8818 Router: All versions

Cisco NCS 540-12Z20G-SYS-A Router: All versions

Cisco NCS 540-12Z20G-SYS-D Router: All versions

Cisco NCS 540-24Q8L2DD-SYS Router: All versions

Cisco NCS 540-28Z4C-SYS-A Router: All versions

Cisco NCS 540-28Z4C-SYS-D Router: All versions

Cisco NCS 540-6Z14S-SYS-D Router: All versions

Cisco NCS 540-6Z18G-SYS-D Router: All versions

Cisco NCS 540-FH-AGG Router: All versions

Cisco NCS 540-FH-CSR-SYS Router: All versions

Cisco NCS 540X-12Z16G-SYS-A Router: All versions

Cisco NCS 540X-12Z16G-SYS-D Router: All versions

Cisco NCS 540X-16Z4G8Q2C-A Router: All versions

Cisco NCS 540X-16Z4G8Q2C-D Router: All versions

Cisco NCS 540X-16Z8Q2C-D Router: All versions

Cisco NCS 540X-4Z14G2Q-A Router: All versions

Cisco NCS 540X-4Z14G2Q-D Router: All versions

Cisco NCS 540X-6Z18G-SYS-A Router: All versions

Cisco NCS 540X-6Z18G-SYS-D Router: All versions

Cisco NCS 540X-8Z16G-SYS-A Router: All versions

Cisco NCS 540X-8Z16G-SYS-D Router: All versions

Cisco Network Convergence System 1000 Series: All versions

Cisco Network Convergence System 1010: All versions

Cisco Network Convergence System 500 Series Routers: All versions

Cisco Network Convergence System 540 Router: All versions

Cisco Network Convergence System 540 Series Routers: All versions

Cisco Network Convergence System 5700 Series: All versions

Cisco Network Convergence System 57B1-5DSE-SYS: All versions

Cisco Network Convergence System 57B1-6D24-SYS: All versions

Cisco Network Convergence System NCS-57C1-48Q6-SYS: All versions

Cisco Network Convergence System NCS-57D2-18DD-SYS: All versions

External links
http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Incorrect Privilege Assignment in Cisco IOS XR Software