Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-20262

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-13 Mar, 2024 | 16:46
Updated At-01 Aug, 2024 | 21:52
Rejected At-
Credits

A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:13 Mar, 2024 | 16:46
Updated At:01 Aug, 2024 | 21:52
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco IOS XR Software
Versions
Affected
  • 5.2.0
  • 5.2.1
  • 5.2.2
  • 5.2.4
  • 5.2.3
  • 5.2.5
  • 5.2.47
  • 5.3.0
  • 5.3.1
  • 5.3.2
  • 5.3.3
  • 5.3.4
  • 6.0.0
  • 6.0.1
  • 6.0.2
  • 6.1.1
  • 6.1.2
  • 6.1.3
  • 6.1.4
  • 6.1.12
  • 6.1.22
  • 6.1.32
  • 6.1.36
  • 6.1.42
  • 6.2.1
  • 6.2.2
  • 6.2.3
  • 6.2.25
  • 6.2.11
  • 6.3.2
  • 6.3.3
  • 6.3.15
  • 6.4.1
  • 6.4.2
  • 6.4.3
  • 6.5.1
  • 6.5.2
  • 6.5.3
  • 6.5.25
  • 6.5.26
  • 6.5.28
  • 6.5.29
  • 6.5.32
  • 6.5.33
  • 6.6.2
  • 6.6.3
  • 6.6.25
  • 6.6.4
  • 7.0.1
  • 7.0.2
  • 7.0.12
  • 7.0.14
  • 7.1.1
  • 7.1.2
  • 6.7.2
  • 6.7.4
  • 7.2.0
  • 7.2.1
  • 7.2.2
  • 7.3.1
  • 7.3.15
  • 7.3.2
  • 7.3.3
  • 7.3.5
  • 7.4.1
  • 7.4.2
  • 7.5.1
  • 7.5.3
  • 7.5.2
  • 7.5.4
  • 7.5.5
  • 7.6.1
  • 7.6.2
  • 7.7.1
  • 7.7.2
  • 7.7.21
  • 7.8.1
  • 7.8.2
  • 7.9.1
  • 7.9.2
  • 7.10.1
  • 7.10.2
Problem Types
TypeCWE IDDescription
cweCWE-269Improper Privilege Management
Type: cwe
CWE ID: CWE-269
Description: Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw
x_transferred
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:13 Mar, 2024 | 17:15
Updated At:13 Mar, 2024 | 18:15

A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-269Secondaryykramarz@cisco.com
CWE ID: CWE-269
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHwykramarz@cisco.com
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw
Source: ykramarz@cisco.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

61Records found
CVE-2020-27122
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 14.26%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 18:15
Updated-13 Nov, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploit could allow the attacker to obtain root privileges on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-27132
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.35% / 57.35%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 16:40
Updated-13 Nov, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-jabberjabber_for_mobile_platformsCisco Jabber
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1258
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.60%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:17
Updated-12 Nov, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.McAfee, LLCMicrosoft Corporation
Product-agent_epolicy_orchestrator_extensionwindowsanyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-264
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1572
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.38%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 17:20
Updated-07 Nov, 2024 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-confdnetwork_services_orchestratorCisco ConfD
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-3600
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.10%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 18:17
Updated-13 Nov, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wanCisco SD-WAN Solution
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-3593
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.48%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 18:17
Updated-13 Nov, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to a utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wanCisco SD-WAN Solution
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-3396
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 16.23%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:02
Updated-13 Nov, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_c9300-24pcatalyst_c9500-32qc4331\/k9-ws_integrated_services_router1100-6g_integrated_services_routercatalyst_c9300-48scatalyst_c9407r4331\/k9_integrated_services_router4351\/k9_integrated_services_routercatalyst_c9300-48pcatalyst_c9300-48ucatalyst_c9300l-48t-4x4351\/k9-ws_integrated_services_router1100-4gltena_integrated_services_router1100_integrated_services_routercatalyst_c9300l-24t-4g1100-lte_integrated_services_routercatalyst_c9500-16xcatalyst_c9300-48tasr_1000-xasr_1002catalyst_c9300l-24t-4xcsr1000vasr_1004catalyst_c9300l-24p-4xcatalyst_c9500-12qcatalyst_c9300l-48p-4gcatalyst_c9500-24q4351\/k9-rf_integrated_services_router4321\/k9-ws_integrated_services_routercatalyst_c9300-24scatalyst_c9300-48un1100-4g_integrated_services_routercatalyst_c9300-48uxmasr_1013catalyst_c9300-24tasr_1023catalyst_c9300l-48p-4xcatalyst_c9500-24y4c4321\/k9-rf_integrated_services_routercatalyst_c9300l-24p-4gasr_1001catalyst_c9500-40xios_xecatalyst_c9300l-48t-4gcatalyst_c9404rcatalyst_c9300-24ucatalyst_c9500-48y4casr_1006catalyst_c9300-24uxasr_1001-xcatalyst_c9500-32c1100-4gltegb_integrated_services_router4331\/k9-rf_integrated_services_routerasr_1002-x4321\/k9_integrated_services_routercatalyst_c9410rCisco IOS XE Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-3112
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.94%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 19:16
Updated-15 Nov, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Privilege Escalation Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-264
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-27133
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.44% / 62.98%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 16:40
Updated-13 Nov, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-jabberjabber_for_mobile_platformsCisco Jabber
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26080
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.14% / 33.46%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 17:40
Updated-13 Nov, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IoT Field Network Director Improper Domain Access Control Vulnerability

A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iot_field_network_directorCisco IoT Field Network Director (IoT-FND)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26072
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.7||HIGH
EPSS-0.23% / 45.45%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 17:40
Updated-13 Nov, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability

A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iot_field_network_directorCisco IoT Field Network Director (IoT-FND)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • Next
Details not found