QID 316785

Date Published: 2023-09-27

QID 316785: Cisco Internetwork Operating System (IOS) XR Authenticated User Privilege Escalation Vulnerability (cisco-sa-iosxr-cli-privescl-sDVEmhqv)

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required.
The attacker must have valid credentials on the affected device.

Affected Products
Cisco products if they are running a vulnerable release of Cisco IOS XR Software: ASR 9000 Series Aggregation Services Routers (32-bit and 64-bit models) IOS XR, SW only Network Convergence System 1000 Series Network Convergence System 5000 Series Network Convergence System 5500 Series

QID Detection Logic (Authenticated):
The check matches Cisco IOS XR version retrieved via Unix Auth using "show version" command.

NOTE: This QID does not checks for Workaround and SMU AA17739/AA17740 Hence set as Practice.

A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges.

  • CVSS V3 rated as Critical - 8.4 severity.
  • CVSS V2 rated as Medium - 5.6 severity.
    • Solution

    Customers are advised to refer to cisco-sa-iosxr-cli-privescl-sDVEmhqv for more information.

    Vendor References

    CVEs related to QID 316785

    CVE-2020-3530 |
    Software Advisories
    Advisory ID Software Component Link
    cisco-sa-iosxr-cli-privescl-sDVEmhqv URL Logo tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].