CVE-2024-20398 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-20398

Analyzed

More Info Official Page

Source-ykramarz@cisco.com

Published At-11 Sep, 2024 | 17:15

Updated At-03 Oct, 2024 | 01:47

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CPE Matches

Cisco Systems, Inc.

>>ios_xr>>6.5.1

cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.2

cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.3

cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.15

cpe:2.3:o:cisco:ios_xr:6.5.15:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.25

cpe:2.3:o:cisco:ios_xr:6.5.25:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.26

cpe:2.3:o:cisco:ios_xr:6.5.26:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.28

cpe:2.3:o:cisco:ios_xr:6.5.28:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.29

cpe:2.3:o:cisco:ios_xr:6.5.29:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.31

cpe:2.3:o:cisco:ios_xr:6.5.31:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.32

cpe:2.3:o:cisco:ios_xr:6.5.32:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.33

cpe:2.3:o:cisco:ios_xr:6.5.33:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.90

cpe:2.3:o:cisco:ios_xr:6.5.90:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.92

cpe:2.3:o:cisco:ios_xr:6.5.92:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.5.93

cpe:2.3:o:cisco:ios_xr:6.5.93:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.6.1

cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.6.2

cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.6.3

cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.6.4

cpe:2.3:o:cisco:ios_xr:6.6.4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.6.11

cpe:2.3:o:cisco:ios_xr:6.6.11:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.6.12

cpe:2.3:o:cisco:ios_xr:6.6.12:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>6.6.25

cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.0.0

cpe:2.3:o:cisco:ios_xr:7.0.0:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.0.1

cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.0.2

cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.0.11

cpe:2.3:o:cisco:ios_xr:7.0.11:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.0.12

cpe:2.3:o:cisco:ios_xr:7.0.12:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.0.14

cpe:2.3:o:cisco:ios_xr:7.0.14:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.0.90

cpe:2.3:o:cisco:ios_xr:7.0.90:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.1.1

cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.1.2

cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.1.3

cpe:2.3:o:cisco:ios_xr:7.1.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.1.15

cpe:2.3:o:cisco:ios_xr:7.1.15:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.1.25

cpe:2.3:o:cisco:ios_xr:7.1.25:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.2.0

cpe:2.3:o:cisco:ios_xr:7.2.0:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.2.1

cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.2.2

cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.2.12

cpe:2.3:o:cisco:ios_xr:7.2.12:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.3.1

cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.3.2

cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.3.3

cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.3.4

cpe:2.3:o:cisco:ios_xr:7.3.4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.3.5

cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.3.6

cpe:2.3:o:cisco:ios_xr:7.3.6:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.3.15

cpe:2.3:o:cisco:ios_xr:7.3.15:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.3.16

cpe:2.3:o:cisco:ios_xr:7.3.16:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.3.27

cpe:2.3:o:cisco:ios_xr:7.3.27:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.4.1

cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.4.2

cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.4.15

cpe:2.3:o:cisco:ios_xr:7.4.15:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xr>>7.4.16

cpe:2.3:o:cisco:ios_xr:7.4.16:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-78	Primary	nvd@nist.gov
CWE-78	Secondary	ykramarz@cisco.com

CWE ID: CWE-78

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-78

Type: Secondary

Source: ykramarz@cisco.com

References

Hyperlink	Source	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq	ykramarz@cisco.com	Vendor Advisory

Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq

Source: ykramarz@cisco.com

Resource:

Vendor Advisory