CVE-2020-3530
8.4
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Exploitability: 2.0 / Impact: 5.8
Source: NVD
Description
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges.
Affected (1)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 7.1.2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Asr 9000v | All versions |
Cisco Asr 9001 | All versions |
Cisco Asr 9006 | All versions |
Cisco Asr 9010 | All versions |
Cisco Asr 9901 | All versions |
Cisco Asr 9904 | All versions |
Cisco Asr 9906 | All versions |
Cisco Asr 9910 | All versions |
Cisco Asr 9912 | All versions |
Cisco Asr 9922 | All versions |
Cisco Ncs 1001 | All versions |
Cisco Ncs 1002 | All versions |
Cisco Ncs 1004 | All versions |
Cisco Ncs 5001 | All versions |
Cisco Ncs 5002 | All versions |
Cisco Ncs 5011 | All versions |
Cisco Ncs 5501 | All versions |
Cisco Ncs 5501 Se | All versions |
Cisco Ncs 5502 | All versions |
Cisco Ncs 5502 Se | All versions |
Cisco Ncs 5508 | All versions |
Cisco Ncs 5516 | All versions |
Related CWEs
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.